CVE-2026-27961 is a Server-Side Template Injection (SSTI) vulnerability classified under CWE-1336, affecting the Agenta-AI agenta platform before version 0.86.8. The vulnerability stems from improper neutralization of special elements in the template engine used by the API server's evaluator template rendering component. Although the vulnerable code resides in the SDK package, it is executed server-side only when running evaluators within self-hosted or managed Agenta platform deployments, not in standalone SDK usage. SSTI vulnerabilities allow attackers to inject malicious template code, which the server then executes, potentially leading to remote code execution (RCE), data leakage, or denial of service. The CVSS v3.1 score of 8.8 reflects high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N), and impacting confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability was publicly disclosed on February 26, 2026, with no known exploits in the wild at the time of publication. The fix was introduced in version 0.86.8, which properly neutralizes special template elements to prevent injection attacks.

The impact of CVE-2026-27961 is significant for organizations running self-hosted or managed Agenta platforms prior to version 0.86.8. Successful exploitation can lead to remote code execution on the API server, allowing attackers to execute arbitrary commands, access sensitive data, manipulate or corrupt data, and disrupt service availability. This compromises the confidentiality, integrity, and availability of the affected systems, potentially leading to data breaches, operational downtime, and loss of trust. Given Agenta's role as an LLMOps platform, attackers could also manipulate AI model evaluation processes, undermining AI system reliability and decision-making. The requirement for low privileges means that even users with limited access could escalate their control, increasing the risk from insider threats or compromised accounts. Organizations relying on Agenta for AI operations must consider this vulnerability critical to their security posture.

To mitigate CVE-2026-27961, organizations should immediately upgrade all Agenta platform deployments to version 0.86.8 or later, where the vulnerability is patched. For environments where immediate upgrade is not feasible, apply strict input validation and sanitization on all user-supplied data that may be processed by the template engine to prevent injection of malicious template code. Implement runtime application self-protection (RASP) or web application firewalls (WAF) with rules designed to detect and block SSTI attack patterns targeting Agenta's API endpoints. Restrict API server access to trusted networks and enforce least privilege principles for user accounts to reduce the risk of exploitation by low-privilege users. Monitor logs and system behavior for unusual template rendering activity or unexpected command execution attempts. Additionally, conduct regular security audits and penetration testing focused on template injection vectors within AI platform components.