CVE-2026-0685

Name: CVE-2026-0685
Creator: NVD / NIST
Published: 2026-06-26T16:16:29.757+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10

Last modified Jun 26, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/edgewall/genshi/
https://www.kb.cert.org/vuls/id/244846

Timeline

Published: Jun 26, 2026
Last Modified: Jun 26, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-0685?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST