CVE-2026-40320

Source
https://cve.org/CVERecord?id=CVE-2026-40320
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40320.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40320
Aliases
Published
2026-04-17T17:25:50.449Z
Modified
2026-07-08T08:12:34.640079187Z
Severity
  • 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L CVSS Calculator
Summary
Giskard has an Unsandboxed Jinja2 Template Rendering in ConformityCheck
Details

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted source, a crafted rule string could achieve arbitrary code execution. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40320.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1336"
    ]
}
References

Affected packages

Git / github.com/giskard-ai/giskard-oss

Affected ranges

Type
GIT
Repo
https://github.com/giskard-ai/giskard-oss
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.2b1"
        }
    ]
}

Affected versions

giskard-agents/v1.*
giskard-agents/v1.0.1a1
giskard-agents/v1.0.2a1
giskard-agents/v1.0.2b1
giskard-checks/v1.*
giskard-checks/v1.0.1a1
giskard-checks/v1.0.1a2
giskard-checks/v1.0.1b1
giskard-core/v1.*
giskard-core/v1.0.1a1
giskard-core/v1.0.1b1
giskard-core/v1.0.1b2
Other
hub
python-client-1.*
python-client-1.8.0
python-client-v1.*
python-client-v1.9.1
v0.*
v0.1.1
v0.2.0
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.4.0
v1.5.0
v1.8.0
v2.*
v2.0.0
v2.0.0b10
v2.0.0b12
v2.0.0b14
v2.0.0b15
v2.0.0b16
v2.0.0b17
v2.0.0b18
v2.0.0b19
v2.0.0b20
v2.0.0b23
v2.0.0b24
v2.0.0b25
v2.0.0b26
v2.0.0b28
v2.0.0b29
v2.0.0b30
v2.0.0b31
v2.0.0b32
v2.0.0b33
v2.0.0b34
v2.0.0b9
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.15.5
v2.16.0
v2.16.1
v2.16.2
v2.17.0
v2.18.0
v2.18.1
v2.19.0
v2.19.1
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.8.0
v2.9.0
v2.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40320.json"