Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
{
"cna_assigner": "certcc",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/0xxx/CVE-2026-0685.json"
}