CVE-2026-0685

Source
https://cve.org/CVERecord?id=CVE-2026-0685
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0685.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-0685
Downstream
Published
2026-06-26T15:45:11.283Z
Modified
2026-07-15T01:49:14.765555737Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Server side template inject (SSTI) in Edgewall Genshi Template Engine
Details

Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

Database specific
{
    "cna_assigner": "certcc",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/0xxx/CVE-2026-0685.json"
}
References

Affected packages

Git / github.com/edgewall/genshi

Affected ranges

Type
GIT
Repo
https://github.com/edgewall/genshi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.9"
        }
    ]
}

Affected versions

0.*
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0685.json"