CVE Catalog

CVE-2026-0685

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

49th percentile — higher than 49% of all known CVEs

Summary

Server side template injection (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

Risk Assessment

An attacker can remotely execute arbitrary code on the server, leading to full system compromise, data theft, or application takeover.

Recommendation

Immediately update the Genshi Template Engine to the latest available version that fixes this vulnerability, and avoid using untrusted input in template expressions.

Original NVD description (English source)

Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS