CVE-2026-2969
Template Injection Vulnerability in datapizza-ai Jinja2 Handler
Publication date: 2026-02-23
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| datapizza | datapizza_ai | 0.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
| CWE-791 | The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2969 is a Server-Side Template Injection (SSTI) vulnerability found in version 0.0.2 of the datapizza-labs datapizza-ai software. It affects the ChatPromptTemplate function in the datapizza-ai-core/datapizza/modules/prompt/prompt.py file, specifically in the Jinja2 Template Handler component.
The vulnerability arises because the application passes user-controlled template source to the Jinja2 engine for compilation and rendering without sanitization or sandboxing. Because the attacker controls the template text itself, not just the variables substituted into it, any Jinja2 expression they write is evaluated, and Jinja2's ordinary (non-sandboxed) environment gives such expressions a path from Python objects to the interpreter's internals.
An attacker can exploit this flaw remotely by injecting crafted templates that execute arbitrary system commands on the server, such as creating files or listing directory contents, which can lead to full server takeover.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including full compromise of the affected system. Attackers who control prompt templates can execute arbitrary system commands remotely, potentially gaining complete control over the server.
- Remote command execution on the server.
- Complete subversion of the application's behavior.
- Potential reverse shell access and full server takeover.
- Compromise of confidentiality, integrity, and availability of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
First check for the vulnerable version: datapizza-ai 0.0.2, with the ChatPromptTemplate function in datapizza-ai-core/datapizza/modules/prompt/prompt.py rendering Jinja2 templates from untrusted input without sanitization or sandboxing.
Detection can also involve looking for signs of SSTI exploitation, such as unusual template rendering behavior or unexpected files created by commands like 'touch pwned1' or 'touch pwned2' on the server.
A practical approach is to inject Jinja2 expressions remotely (in a controlled and authorized environment) and observe whether arbitrary commands run, for example payloads that execute 'ls -alh' or create files.
Commands to check for files left behind by the published exploit (e.g. 'pwned1', 'pwned2'):
- ls -alh | grep pwned
- find / -name 'pwned*' 2>/dev/null
Note that these file names are specific to the published proof of concept; a real attacker will not leave them, so their absence proves nothing.
Additionally, monitoring network traffic for requests containing Jinja2 template syntax or payloads targeting the ChatPromptTemplate endpoint may help detect exploitation attempts. [2, 3]
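The traffic-monitoring idea above, as an added example that is not part of the advisory or of datapizza-ai: a small scanner run over constructed request-log lines. Because the application legitimately accepts Jinja2 templates, plain `{{ }}` or `{% %}` syntax is only a weak signal; the strong signal is dunder attribute access (`__class__`, `__subclasses__`, `__globals__`) and the well-known gadget names that SSTI payloads need to reach Python internals. The log format, the `/prompt` path and the `template=` parameter are assumptions for the sample; adapt the decoding step to wherever your application logs request bodies.

```python
"""Added example: flag likely Jinja2 SSTI probes in request logs.

Not datapizza-ai code. Log format, endpoint and parameter name are assumed.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not real traffic). Line 1 is a benign template,
# line 2 is plain text, lines 3 and 4 carry classic attribute-walk probes.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Feb/2026:10:01:02 +0000] "POST /prompt HTTP/1.1" 200 "template=Hello%20%7B%7B%20name%20%7D%7D"
10.0.0.5 - - [23/Feb/2026:10:01:09 +0000] "POST /prompt HTTP/1.1" 200 "template=Summarise%20this%20text"
10.0.0.9 - - [23/Feb/2026:10:02:31 +0000] "POST /prompt HTTP/1.1" 200 "template=%7B%7B%20%27%27.__class__.__mro__%20%7D%7D"
10.0.0.9 - - [23/Feb/2026:10:02:40 +0000] "POST /prompt HTTP/1.1" 500 "template=%7B%25%20for%20c%20in%20%5B%5D.__class__.__base__.__subclasses__()%20%25%7D"
"""

# Strong indicators: dunder attribute access and gadgets used to pivot from a
# template value to os/subprocess. These have no place in a prompt template.
STRONG = re.compile(
    r"__\w+__"            # __class__, __mro__, __subclasses__, __globals__, ...
    r"|__import__"
    r"|os\.popen"
    r"|subprocess"
    r"|\b(?:lipsum|cycler|joiner)\b",  # Jinja2 globals commonly abused as gadgets
    re.IGNORECASE,
)
# Weak indicators: template syntax at all. Expected in this application, so
# on its own it only says "this request is a template", not "this is an attack".
WEAK = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.DOTALL)


def classify(text: str) -> str:
    """Return 'high', 'low' or 'none' for one decoded request payload."""
    decoded = unquote_plus(text)
    if STRONG.search(decoded):
        return "high"
    if WEAK.search(decoded):
        return "low"
    return "none"


def scan(log_text: str) -> list[tuple[int, str, str]]:
    """Return (line number, severity, decoded line) for every flagged line."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        severity = classify(line)
        if severity != "none":
            hits.append((lineno, severity, unquote_plus(line)))
    return hits


if __name__ == "__main__":
    for lineno, severity, line in scan(SAMPLE_LOG):
        print(f"line {lineno} [{severity}] {line}")
```

Treat a `high` hit against the template endpoint as an incident to investigate, and a burst of `low` hits from one source as reconnaissance. The scanner deliberately does not try to parse or evaluate the payload; it only needs to recognise the tokens an attacker cannot do without.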
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable datapizza-ai version 0.0.2 or replacing the affected component with an alternative product.
If you continue to use the affected software, modify the code to render templates through Jinja2's sandboxed environment instead of passing untrusted input directly to jinja2.Template. Better still, keep the template source itself fixed and trusted, and pass user content into it only as a variable; the sandbox restricts attribute access but is not a complete security boundary.
Ensure that any user-controlled input used in template rendering is properly sanitized and neutralized to prevent injection of malicious template expressions.
Since the vendor has not responded and no official patch is available, restrict access to the vulnerable functionality to trusted users only and monitor for exploitation attempts. [2, 3]
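The unsafe pattern the advisory describes, beside the sandboxed replacement recommended above, as an added example that is not datapizza-ai's code and does not reproduce its ChatPromptTemplate implementation. It uses Jinja2's own `SandboxedEnvironment`, and a third function that treats user text as data rather than template source. The probe string is constructed for illustration and only reads a class name; it is the same attribute-walk that real SSTI payloads use to reach `os` and `subprocess`.

```python
"""Added example: unsafe Jinja2 rendering vs. sandboxed rendering vs. user
text as data. Not datapizza-ai code; requires the jinja2 package."""
import jinja2
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Constructed probe: walks from a string literal to Python internals.
# Harmless here (yields the name of the second class in str's MRO), but
# the same path leads to __subclasses__() and from there to os.popen.
PROBE = "{{ ''.__class__.__mro__[1].__name__ }}"


def render_unsafe(template_src: str, **ctx) -> str:
    """The vulnerable pattern: attacker-controlled source compiled as-is."""
    return jinja2.Template(template_src).render(**ctx)


def render_sandboxed(template_src: str, **ctx) -> str:
    """Hardened: SandboxedEnvironment refuses access to private and dunder
    attributes and raises SecurityError instead of evaluating them."""
    env = SandboxedEnvironment(autoescape=False)
    return env.from_string(template_src).render(**ctx)


def render_as_data(user_text: str) -> str:
    """Safest: the template is fixed and trusted; user text is only a value
    substituted into it, so its braces are never parsed as Jinja2 syntax."""
    env = SandboxedEnvironment(autoescape=False)
    return env.from_string("User prompt: {{ user_text }}").render(user_text=user_text)


def sandbox_blocks(template_src: str) -> bool:
    """True if the sandbox rejects the template source with SecurityError."""
    try:
        render_sandboxed(template_src)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe   :", render_unsafe(PROBE))          # evaluates the probe
    print("sandbox  :", sandbox_blocks(PROBE))         # True: SecurityError raised
    print("as data  :", render_as_data(PROBE))         # probe echoed, not evaluated
    print("benign   :", render_sandboxed("Hello {{ name }}", name="Alice"))
```

The sandbox still lets benign templates (`Hello {{ name }}`) render normally, so it can be dropped in where the application genuinely needs user-authored templates. Keep the render context minimal all the same: the sandbox only governs attribute access on the objects you pass in, and Jinja2's documentation does not present it as a hard isolation boundary.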