PYSEC-2026-2488

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/giskard-checks/PYSEC-2026-2488.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2488
Aliases
Published
2026-07-13T15:02:47.672303Z
Modified
2026-07-13T16:32:37.390646608Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
  • 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L CVSS Calculator
Summary
Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck
Details

Summary

The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template() constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at runtime. In a scenario where check definitions are loaded from an untrusted source (e.g. a shared project file or externally contributed configuration), this could lead to arbitrary code execution.

giskard-checks is a local developer testing library with no network-facing service. Check definitions, including the rule parameter, are provided in application code or project configuration files and executed locally. Exploitation requires write access to a check definition and subsequent execution of the test suite by a developer.

However, the implicit template evaluation of the rule parameter is not obvious from the API surface. This hidden behavior increases the likelihood of a developer inadvertently passing untrusted input to it when integrating the library into a larger system.

Affected Component

conformity.py, line 59:

from jinja2 import Template
...
formatted_rule = Template(self.rule).render(trace=trace)

Affected Versions

giskard-checks < 1.0.2b1

Patched Version

giskard-checks >= 1.0.2b1 (template parsing removed from rule evaluation entirely)

Remediation

Upgrade to giskard-checks >= 1.0.2b1. The template rendering has been removed from rule evaluation.

Credit

Giskard-AI thanks @dhabaleshwar for identifying the unsandboxed template usage.

References

Affected packages

PyPI / giskard-checks

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2b1

Affected versions

1.*
1.0.1a1
1.0.1a2
1.0.1b1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/giskard-checks/PYSEC-2026-2488.yaml"