VYPR

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Base · Incomplete

Description

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (129)

page 4 of 7
  • CVE-2024-37301 · High · Jun 11, 2024
    risk 0.40 · cvss 7.2 · epss 0.01

    Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full…

  • CVE-2026-46439 · High · May 28, 2026
    risk 0.39 · cvss n/a · epss 0.00

    A High severity Server-Side Template Injection (SSTI) vulnerability exists in the `trestle author jinja` command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting…

  • CVE-2024-34710 · High · May 20, 2024
    risk 0.39 · cvss 7.1 · epss 0.00

    Wiki.js is a wiki app built on Node.js. Client-side template injection was discovered that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible…

  • CVE-2024-55652 · Medium · Dec 12, 2024
    risk 0.35 · cvss 6.5 · epss 0.01

    PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can…

  • CVE-2026-22191 · Medium · Mar 13, 2026
    risk 0.34 · cvss 5.2 · epss 0.00

    Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are…

  • CVE-2026-6984 · Medium · Apr 25, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a…

  • CVE-2026-5987 · Medium · Apr 9, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker…

  • CVE-2026-2969 · Medium · Feb 23, 2026
    risk 0.31 · cvss 4.7 · epss 0.01

    A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper…

  • CVE-2025-40900 · Medium · May 19, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be…

  • CVE-2026-49382 · Medium · May 29, 2026
    risk 0.29 · cvss 4.5 · epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1, code execution was possible via template injection in the Copyright plugin.

  • CVE-2026-40602 · Medium · Apr 21, 2026
    risk 0.29 · cvss 5.6 · epss 0.00

    The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assistant-cli, an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was…

  • CVE-2026-35477 · Medium · Apr 8, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the…

  • CVE-2026-41318 · Medium · Apr 24, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's `alt` text…

  • CVE-2025-9094 · Medium · Aug 17, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has…

  • CVE-2026-40087 · Medium · Apr 9, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without…

  • CVE-2026-44723 · Medium · May 26, 2026
    risk 0.26 · cvss 5.0 · epss 0.00

    Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test…

  • CVE-2026-44916 · Low · May 8, 2026
    risk 0.20 · cvss 3.0 · epss 0.00

    In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.

  • CVE-2023-29297 · Jun 15, 2023
    risk 0.01 · cvss n/a · epss 0.01

    Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated…

  • CVE-2022-22930 · Jan 20, 2022
    risk 0.01 · cvss n/a · epss 0.24

    A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.

  • CVE-2026-52796 · Low · Jun 22, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Summary: Special template of issue index pattern may cause panic.
    Details: in internal/markup/markup.go
    ```go
    link = fmt.Sprintf(`%s`, com.Expand(metas["format"], metas), m)
    ```
    Issue index pattern is rendered to link with `com.Expand`. However,…