Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
{ "binaries": [ { "binary_name": "python-genshi", "binary_version": "0.7-5" }, { "binary_name": "python3-genshi", "binary_version": "0.7-5" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-0685.json"
{ "binaries": [ { "binary_name": "python-genshi", "binary_version": "0.7-6" }, { "binary_name": "python3-genshi", "binary_version": "0.7-6" } ] }
{ "binaries": [ { "binary_name": "python-genshi", "binary_version": "0.7.3-0ubuntu3.1" }, { "binary_name": "python3-genshi", "binary_version": "0.7.3-0ubuntu3.1" } ] }
{ "binaries": [ { "binary_name": "python3-genshi", "binary_version": "0.7.6-1build1" } ] }
{ "binaries": [ { "binary_name": "python3-genshi", "binary_version": "0.7.7-4build2" } ] }
{ "binaries": [ { "binary_name": "python3-genshi", "binary_version": "0.7.9-2build1" } ] }
{ "binaries": [ { "binary_name": "python3-genshi", "binary_version": "0.7.10-2build1" } ] }