CVE-2026-2969: Improper Neutralization of Special Elements Used in a Template Engine in datapizza-labs datapizza-ai
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elements used in a template engine. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-2969 is a vulnerability identified in datapizza-labs datapizza-ai version 0.0.2, specifically in the ChatPromptTemplate function located in datapizza-ai-core/datapizza/modules/prompt/prompt.py. The flaw arises from improper neutralization of special elements used in the Jinja2 template engine, which is responsible for rendering dynamic content based on templates. This improper neutralization allows an attacker to manipulate the Prompt argument, potentially injecting malicious template code. Because Jinja2 template expressions are evaluated at render time and, outside a sandboxed environment, can reach Python objects and call their methods, this vulnerability could lead to remote code execution or unauthorized data access. The vulnerability is remotely exploitable without user interaction but requires the attacker to have high privileges on the system, which limits the attack surface somewhat. The CVSS 4.0 score is 5.1 (medium), reflecting moderate impact on confidentiality, integrity, and availability with low complexity of attack but requiring high privileges. The vendor has not issued a patch or responded to disclosure, and while no active exploits are reported in the wild, proof-of-concept exploits have been published, increasing the risk of future attacks. This vulnerability highlights the risks of improper input handling in template engines, especially in AI-related software that dynamically generates prompts or content.
Potential Impact
The vulnerability could allow attackers with high privileges to inject malicious template code via the ChatPromptTemplate function, potentially leading to unauthorized code execution, data leakage, or disruption of service. This compromises confidentiality by exposing sensitive data processed by the AI system, integrity by allowing manipulation of AI-generated outputs or internal logic, and availability if the system crashes or is otherwise disrupted by malicious templates. Organizations relying on datapizza-ai 0.0.2 for AI prompt generation or related tasks may face operational risks, data breaches, or reputational damage. Since exploitation requires high privileges, the threat is more severe in environments where internal users or compromised accounts have elevated access. The lack of vendor response and patch increases exposure time, and published exploits lower the barrier for attackers to weaponize this vulnerability. Overall, the impact is moderate but significant for organizations using this software in production or sensitive environments.
Mitigation Recommendations
1. Immediately restrict access to systems running datapizza-ai 0.0.2 to trusted administrators only, minimizing the risk of privilege escalation.
2. Implement strict input validation and sanitization on all inputs passed to the ChatPromptTemplate function to neutralize special template elements before processing.
3. Employ runtime monitoring and anomaly detection to identify suspicious template rendering activities or unexpected command executions.
4. Consider isolating the datapizza-ai environment using containerization or sandboxing to limit the blast radius of any potential exploitation.
5. Regularly audit user privileges and remove unnecessary high-level access to reduce the pool of potential attackers.
6. Monitor threat intelligence sources for updates or patches from datapizza-labs and apply them promptly once available.
7. If feasible, upgrade to a later, unaffected version of datapizza-ai or switch to alternative AI prompt generation tools with better security track records.
8. Conduct internal security reviews and penetration testing focused on template injection vectors within AI systems.

These steps go beyond generic advice by focusing on privilege management, input sanitization specific to template engines, and operational controls tailored to the AI software context.
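Recommendations 2 and 3 as an added Python sketch (not code from datapizza-ai or from this advisory): untrusted text is handed to Jinja2 as a variable instead of being compiled as template source, rendering happens in Jinja2's `SandboxedEnvironment`, and inputs are scanned for template delimiters so they can be alerted on. The names `find_template_syntax`, `audit_inputs` and `render_prompt` are hypothetical, and Jinja2's default delimiters are assumed.

```python
import re

# Jinja2's default delimiters: {{ expr }}, {% statement %}, {# comment #}.
# Assumption: the application keeps the defaults and enables no line statements.
_DELIMITERS = re.compile(r"\{\{|\}\}|\{%|%\}|\{#|#\}")


def find_template_syntax(value: str) -> list[str]:
    """Return the Jinja2 delimiter tokens present in an untrusted string."""
    return _DELIMITERS.findall(value)


def audit_inputs(fields: dict[str, str]) -> dict[str, list[str]]:
    """Map each field containing template syntax to the tokens found (for alerting)."""
    report = {}
    for name, value in fields.items():
        hits = find_template_syntax(value)
        if hits:
            report[name] = hits
    return report


def render_prompt(trusted_template: str, **untrusted: str) -> str:
    """Render a developer-authored template; untrusted text is data only.

    Jinja2 does not re-evaluate the contents of a variable, so delimiters
    inside the untrusted values come out as literal text.
    """
    # Imported here so the audit helpers work without Jinja2 installed.
    from jinja2 import StrictUndefined
    from jinja2.sandbox import SandboxedEnvironment

    # Sandbox as defence in depth in case template source is ever tainted.
    env = SandboxedEnvironment(undefined=StrictUndefined)
    return env.from_string(trusted_template).render(**untrusted)


if __name__ == "__main__":
    # Constructed sample input: a harmless arithmetic probe.
    user_text = "What is {{ 7 * 7 }}?"
    print(audit_inputs({"question": user_text}))
    print(render_prompt("User asked: {{ question }}", question=user_text))
```

The delimiter scan is a monitoring signal, not the control itself: the protection comes from keeping untrusted text out of the template source.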
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-22T08:12:07.038Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699bd4c9be58cf853b2b9042
Added to database: 2/23/2026, 4:17:13 AM
Last enriched: 2/23/2026, 4:31:40 AM
Last updated: 2/24/2026, 5:54:18 AM