CVE-2026-44209
Server-Side Template Injection in Banks Prompt Template Engine
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| banks | jinja2 | 2.4.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Banks software prior to version 2.4.2, which renders prompt templates with an unsandboxed jinja2.Environment(). If an application passes user-supplied strings as the template argument to the Prompt() function, those strings are compiled and executed as template code, making the application vulnerable to Server-Side Template Injection (SSTI). An attacker who controls the template text can inject template expressions that the server evaluates, potentially leading to Remote Code Execution (RCE) on the host system.
How can this vulnerability impact me?
The vulnerability can allow an attacker to execute arbitrary code remotely on the affected server. This can lead to unauthorized access, data theft, data manipulation, service disruption, or complete takeover of the host system running the vulnerable software.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the Banks software to version 2.4.2 or later, where the issue has been fixed.
In addition, avoid passing user-supplied strings directly as the template argument to Prompt(): keep template text under developer control and pass user input only as template variables (data), so that an unsandboxed jinja2.Environment() never compiles untrusted text as template code.
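As an added illustration (not code from the Banks project), the following shows the anti-pattern the advisory describes, a plain jinja2.Environment() compiling an untrusted string, beside two mitigations: rendering with jinja2.sandbox.SandboxedEnvironment (with StrictUndefined so blocked attribute access raises SecurityError instead of silently rendering empty), and the preferred fix of keeping the template fixed and passing user text only as a context variable. ServiceConfig, PROMPT_TEMPLATE and the placeholder secret are constructed for the example.

```python
"""Keep user text out of the template source of a jinja2-based prompt engine (CWE-1336)."""
from jinja2 import Environment, StrictUndefined
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Developer-authored template: the only text that is ever compiled as template code.
PROMPT_TEMPLATE = "Summarize the following text in one sentence:\n{{ user_text }}"


class ServiceConfig:
    """Constructed stand-in for an object that ends up in the render context."""

    def __init__(self) -> None:
        self.model = "example-model"
        self._api_key = "PLACEHOLDER-SECRET"  # underscore-prefixed: private


def render_vulnerable(template_source: str, ctx: dict) -> str:
    """Anti-pattern from the advisory: an untrusted string compiled by a plain Environment."""
    return Environment().from_string(template_source).render(**ctx)


def render_sandboxed(template_source: str, ctx: dict) -> str:
    """Mitigation 1: the sandbox refuses private/dunder attribute access on context objects.

    StrictUndefined makes the refusal surface as SecurityError rather than as empty output.
    """
    env = SandboxedEnvironment(undefined=StrictUndefined)
    return env.from_string(template_source).render(**ctx)


def build_prompt(user_text: str, ctx: dict) -> str:
    """Mitigation 2 (preferred): fixed template; user text is plain data, never re-parsed."""
    env = SandboxedEnvironment(undefined=StrictUndefined)
    return env.from_string(PROMPT_TEMPLATE).render(user_text=user_text, **ctx)


def sandbox_blocks(template_source: str, ctx: dict) -> bool:
    """True when the sandbox rejects a template that the plain Environment would render."""
    try:
        render_sandboxed(template_source, ctx)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    context = {"cfg": ServiceConfig()}
    untrusted = "{{ cfg._api_key }}"  # constructed untrusted input carrying template syntax
    print(render_vulnerable(untrusted, context))  # leaks the private attribute
    print(sandbox_blocks(untrusted, context))  # True: SecurityError raised
    print(build_prompt(untrusted, context))  # the user text appears literally
```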