CVE-2026-40320: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in Giskard-AI giskard-oss
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted source, a crafted rule string could achieve arbitrary code execution. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1.
AI Analysis
Technical Summary
The vulnerability (CVE-2026-40320) in giskard-oss before version 1.0.2b1 involves improper neutralization of special elements used in a template engine (CWE-1336). Specifically, the ConformityCheck class renders the rule parameter using Jinja2's default Template() constructor, which evaluates template expressions at runtime without sanitization. If an attacker can write a malicious rule string into a check definition and trigger execution of the test suite, they can execute arbitrary code. This requires both write access to the check definitions and the ability to run the tests. The vulnerability is resolved in giskard-checks version 1.0.2b1.
Potential Impact
Successful exploitation allows an attacker with limited privileges (write access to check definitions and permission to execute the test suite) to achieve arbitrary code execution within the context of the giskard-oss application. This could lead to unauthorized actions or compromise of the host environment running the tests. The CVSS 4.0 base score is 5.4, indicating a medium severity impact.
Mitigation Recommendations
A fix is available in giskard-checks version 1.0.2b1. Users should upgrade to this version or later to remediate the vulnerability. Since the vulnerability requires write access to check definitions and execution of the test suite, restricting these permissions can also reduce risk. Patch status is not explicitly stated in the vendor advisory content, but the description confirms the issue is fixed in version 1.0.2b1.
CVE-2026-40320: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in Giskard-AI giskard-oss
Description
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted source, a crafted rule string could achieve arbitrary code execution. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1.
CVSS v4.0
Score 5.4medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability (CVE-2026-40320) in giskard-oss before version 1.0.2b1 involves improper neutralization of special elements used in a template engine (CWE-1336). Specifically, the ConformityCheck class renders the rule parameter using Jinja2's default Template() constructor, which evaluates template expressions at runtime without sanitization. If an attacker can write a malicious rule string into a check definition and trigger execution of the test suite, they can execute arbitrary code. This requires both write access to the check definitions and the ability to run the tests. The vulnerability is resolved in giskard-checks version 1.0.2b1.
Potential Impact
Successful exploitation allows an attacker with limited privileges (write access to check definitions and permission to execute the test suite) to achieve arbitrary code execution within the context of the giskard-oss application. This could lead to unauthorized actions or compromise of the host environment running the tests. The CVSS 4.0 base score is 5.4, indicating a medium severity impact.
Mitigation Recommendations
A fix is available in giskard-checks version 1.0.2b1. Users should upgrade to this version or later to remediate the vulnerability. Since the vulnerability requires write access to check definitions and execution of the test suite, restricting these permissions can also reduce risk. Patch status is not explicitly stated in the vendor advisory content, but the description confirms the issue is fixed in version 1.0.2b1.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-10T21:41:54.505Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e273aebdfbbecc5970e958
Added to database: 4/17/2026, 5:53:50 PM
Last enriched: 4/25/2026, 3:00:25 AM
Last updated: 5/30/2026, 11:35:28 AM
Views: 78
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.