🛡️ CVE-2026-34172
🟠 CVSS 8.8 — High ⚠️ Exploit Public CWE-1336 NVD
8.8
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturally invite passing user input directly, but the string is silently parsed as a Jinja2 template, not treated as plain text. This issue has been patched in versions 0.3.4 and 1.0.2b1.

Details

Severity HIGH
CVSS Score 8.8
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-1336
Public Exploit ⚠️ Yes
Source NVD
Published 2026-03-31
Updated 2026-06-15
Modified 2026-04-07
Fix URL N/A

Affected Packages

Software From version Fixed in
giskard-agent
giskard-agents 1.0.1a1 1.0.2b1

Free Vulnerability Check

Is your WordPress site affected?

BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.

Scan My Site Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.