CVE-2026-44209
Deferred Deferred - Pending Action

Server-Side Template Injection in Banks Prompt Template Engine

Vulnerability report for CVE-2026-44209, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-26

Last updated on: 2026-06-30

Assigner: GitHub, Inc.

Description

Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This vulnerability is fixed in 2.4.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-26
Last Modified
2026-06-30
Generated
2026-07-06
AI Q&A
2026-05-27
EPSS Evaluated
2026-07-04
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
banks jinja2 2.4.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-917 The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
CWE-1336 The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Banks software prior to version 2.4.2, where it uses an unsandboxed jinja2.Environment() to render prompt templates. If an application passes user-supplied strings as the template argument to the Prompt() function, it becomes vulnerable to Server-Side Template Injection (SSTI). This means an attacker can inject malicious template code that the server executes, potentially leading to Remote Code Execution (RCE) on the host system.

Impact Analysis

The vulnerability can allow an attacker to execute arbitrary code remotely on the affected server. This can lead to unauthorized access, data theft, data manipulation, service disruption, or complete takeover of the host system running the vulnerable software.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Banks software to version 2.4.2 or later, where the issue has been fixed.

Avoid passing user-supplied strings directly as the template argument to Prompt() when using jinja2.Environment() to prevent Server-Side Template Injection (SSTI).

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44209. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart