CVE-2026-33154
Server-Side Template Injection in Dynaconf @Jinja Resolver
Publication date: 2026-03-20
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dynaconf | dynaconf | < 3.2.13 (3.2.13 itself not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33154 is a high-severity Remote Code Execution (RCE) vulnerability in the Dynaconf Python package (versions up to 3.2.12). It arises from unsafe template evaluation in the @jinja resolver when the jinja2 package is installed. Dynaconf evaluates configuration values containing Jinja2 templates without sandboxing, allowing attackers to execute arbitrary operating system commands if they can influence configuration sources such as environment variables, .env files, container environments, or CI/CD secrets.

The vulnerability stems from Dynaconf's string resolvers lacking proper security boundaries. The @Jinja resolver renders templates using full Jinja2 evaluation without sandboxing, enabling attackers to access Python internal attributes and execute OS commands. Similarly, the @Format resolver uses Python string formatting on internal objects, allowing traversal of object graphs to access sensitive runtime objects and environment variables.

For example, attackers can leverage the 'cycler' object to traverse Python globals, import the 'os' module, and execute commands via os.popen(). This can lead to arbitrary command execution on the host system. [1]
How can this vulnerability impact me?
Successful exploitation of this vulnerability allows attackers to execute arbitrary operating system commands, access sensitive environment variables, and compromise application secrets such as API keys, database credentials, and service tokens.
Attackers can gain full control over the running application process, potentially leading to data breaches, service disruption, and unauthorized access to internal systems.
Since configuration values can originate from remote sources like CI/CD pipelines or container orchestration environments, this vulnerability can be exploited remotely, increasing the risk and impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your system is running Dynaconf versions prior to 3.2.13 and if the jinja2 package is installed, as these versions evaluate Jinja2 templates without sandboxing, allowing potential remote code execution.

You can attempt to detect exploitation by injecting malicious environment variables or configuration values containing Jinja2 template expressions that execute simple commands like `id` to see if they are evaluated. For example, setting an environment variable such as `DYNACONF_RCE` with a payload that tries to execute `id` via Jinja2 template syntax and observing if the command output is returned or logged.

Additionally, monitoring logs or application behavior for unexpected command execution or errors related to template rendering can help detect exploitation attempts.

Specific commands to test might include setting environment variables or configuration entries with payloads like: `{{ cycler.__init__.__globals__.os.popen('id').read() }}` and checking if the output is executed or returned. [1]
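The passive check described above, as an added stdlib-only example that is not part of this advisory or of the Dynaconf project: it tests the exposure condition (dynaconf below 3.2.13 with jinja2 present) and scans a configuration source for values that Dynaconf's @jinja/@format markers would hand to a template resolver, without rendering anything. The `DYNACONF_` envvar prefix is Dynaconf's default; the sample environment is constructed for the demonstration.

```python
import re
from importlib import metadata

FIXED_VERSION = (3, 2, 13)  # first fixed release named in the advisory
# Dynaconf's resolver markers and Jinja2's expression/statement delimiters.
RESOLVER_RE = re.compile(r"^\s*@(jinja|format)\b", re.IGNORECASE)
TEMPLATE_RE = re.compile(r"\{\{.*?\}\}|\{%.*?%\}", re.DOTALL)

# Constructed sample of a .env / container environment (not from the advisory).
SAMPLE_ENV = {
    "DYNACONF_DB_HOST": "db.internal",
    "DYNACONF_GREETING": "@jinja Hello {{ this.DB_HOST }}",
    "DYNACONF_NOTE": "has {{ delimiters }} but no resolver marker",
    "PATH": "@jinja ignored: not under the DYNACONF_ prefix",
}

def parse_version(text):
    """'3.2.12' or '3.2.12rc1' -> (3, 2, 12), comparable as a tuple."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def installed_version(dist):
    """Installed version string of a distribution, or None if absent."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None

def is_vulnerable(dynaconf_version, jinja2_installed):
    """Exposure condition from the advisory: dynaconf < 3.2.13 plus jinja2."""
    if dynaconf_version is None:
        return False
    return parse_version(dynaconf_version) < FIXED_VERSION and jinja2_installed

def scan_config(values, prefix="DYNACONF_"):
    """(key, reason) pairs for values Dynaconf would hand to a template resolver.
    Only keys under the envvar prefix (DYNACONF_ by default) become settings."""
    findings = []
    for key, value in values.items():
        if not key.upper().startswith(prefix) or not isinstance(value, str):
            continue
        if RESOLVER_RE.search(value):
            findings.append((key, "@jinja/@format marker: evaluated as a template"))
        elif TEMPLATE_RE.search(value):
            findings.append((key, "Jinja2 delimiters without marker: review"))
    return findings

if __name__ == "__main__":
    dyn, j2 = installed_version("dynaconf"), installed_version("jinja2")
    print("vulnerable:", is_vulnerable(dyn, j2 is not None))
    print("findings:", scan_config(SAMPLE_ENV))
```

Run it inside the application's container or virtualenv (and pass `dict(os.environ)` or a parsed .env file to `scan_config`) so the package lookup and the scan see the same environment the application loads.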
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation is to upgrade Dynaconf to version 3.2.13 or later, where this vulnerability has been patched.
If upgrading is not immediately possible, restrict or avoid using the @Jinja and @Format resolvers with untrusted input, especially avoiding configuration values that can be influenced by external or remote sources such as environment variables, .env files, container environments, or CI/CD secrets.
Implement sandboxing for Jinja2 template evaluation by using `jinja2.sandbox.SandboxedEnvironment` to prevent unsafe operations and arbitrary code execution.
Review and sanitize all configuration inputs to ensure they do not contain malicious template expressions.