CWE-1336— Improper Neutralization of Special Elements Used in a Template Engine (SSTI)
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.— MITRE CWE catalog
164 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1336page 4 of 4
- CVE-2026-44916LOWCVSS 3.0EG 3.02026-05-08
In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.
- CVE-2026-45312CRITICALCVSS 9.9EG 9.92026-05-29
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on …
- CVE-2026-45697CRITICALCVSS 9.8EG 9.82026-05-18
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as Twig during submission handling, which…
- CVE-2026-45714CRITICALCVSS 9.1EG 9.12026-05-13
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates, Invoices, Documents, and Contact Forms). Th…
- CVE-2026-49382MEDIUMCVSS 4.5EG 4.52026-05-29
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
- CVE-2026-52796LOWCVSS 3.5EG 3.52026-06-22
Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issu…
- CVE-2026-54390CRITICALCVSS 9.8EG 9.82026-06-18
JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template en…
- CVE-2026-5559MEDIUMCVSS 6.3EG 6.32026-04-05
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization …
- CVE-2026-55794HIGHCVSS 8.7EG 8.72026-07-02
Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authen…
- CVE-2026-5987MEDIUMCVSS 4.7EG 4.72026-04-09
A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemar…
- CVE-2026-6984MEDIUMCVSS 4.7EG 4.72026-04-25
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralizat…
- CVE-2026-8740MEDIUMCVSS 6.3EG 6.32026-05-17
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult A…
- CVE-2026-9498MEDIUMCVSS 6.3EG 6.32026-05-25
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper n…
- CVE-2026-9558CRITICALCVSS 9.9EG 9.92026-05-29
A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload…
Map vulnerabilities like CWE-1336 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1336 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →