PYSEC-2026-1472

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2026-1472.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1472
Aliases
Published
2026-07-07T14:34:47.677447Z
Modified
2026-07-07T17:46:46.013371684Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Jinja has a sandbox breakout through malicious filenames
Details

A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used.

To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.

References

Affected packages

PyPI / jinja2

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.1.5

Affected versions

3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/jinja2/PYSEC-2026-1472.yaml"