CVE-2026-44209
Deferred Deferred - Pending Action
Server-Side Template Injection in Banks Prompt Template Engine

Publication date: 2026-05-26

Last updated on: 2026-05-28

Assigner: GitHub, Inc.

Description
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This vulnerability is fixed in 2.4.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-28
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-44209
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
banks jinja2 2.4.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1336 The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Banks software prior to version 2.4.2, where it uses an unsandboxed jinja2.Environment() to render prompt templates. If an application passes user-supplied strings as the template argument to the Prompt() function, it becomes vulnerable to Server-Side Template Injection (SSTI). This means an attacker can inject malicious template code that the server executes, potentially leading to Remote Code Execution (RCE) on the host system.

Impact Analysis

The vulnerability can allow an attacker to execute arbitrary code remotely on the affected server. This can lead to unauthorized access, data theft, data manipulation, service disruption, or complete takeover of the host system running the vulnerable software.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Banks software to version 2.4.2 or later, where the issue has been fixed.

Avoid passing user-supplied strings directly as the template argument to Prompt() when using jinja2.Environment() to prevent Server-Side Template Injection (SSTI).

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44209. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart