{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35477", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-02T20:49:44.453Z", "datePublished": "2026-04-08T19:20:58.967Z", "dateUpdated": "2026-04-10T20:43:12.243Z"}, "containers": {"cna": {"title": "InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/inventree/InvenTree/security/advisories/GHSA-84jh-x777-8pqq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/inventree/InvenTree/security/advisories/GHSA-84jh-x777-8pqq"}], "affected": [{"vendor": "inventree", "product": "InvenTree", "versions": [{"version": ">= 1.2.3, < 1.2.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-08T19:20:58.967Z"}, "descriptions": [{"lang": "en", "value": "InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0."}], "source": {"advisory": "GHSA-84jh-x777-8pqq", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T20:43:01.777985Z", "id": "CVE-2026-35477", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T20:43:12.243Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35477", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T20:43:01.777985Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T20:43:07.097Z"}}], "cna": {"title": "InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape", "source": {"advisory": "GHSA-84jh-x777-8pqq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "inventree", "product": "InvenTree", "versions": [{"status": "affected", "version": ">= 1.2.3, < 1.2.7"}]}], "references": [{"url": "https://github.com/inventree/InvenTree/security/advisories/GHSA-84jh-x777-8pqq", "name": "https://github.com/inventree/InvenTree/security/advisories/GHSA-84jh-x777-8pqq", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-08T19:20:58.967Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35477", "state": "PUBLISHED", "dateUpdated": "2026-04-10T20:43:12.243Z", "dateReserved": "2026-04-02T20:49:44.453Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-08T19:20:58.967Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:inventree_project:inventree:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0B83810-7753-42DE-8C65-7762037BC687", "versionEndIncluding": "1.2.6", "versionStartIncluding": "1.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0."}], "id": "CVE-2026-35477", "lastModified": "2026-04-20T15:14:39.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-08T20:16:24.487", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/inventree/InvenTree/security/advisories/GHSA-84jh-x777-8pqq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.2.3,1.2.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "InvenTree", "source": "cna", "vendor": "inventree"}, "product": "inventree", "vendor": "inventree"}], "analysis": {"en": {"generated_at": "2026-04-08T20:22:51.238922+00:00", "value": {"mitigation_remediation": ["Update InvenTree to version 1.2.7 or newer to apply the sandboxed rendering fix.", "If an immediate update is not possible, remove or disable the PART_NAME_FORMAT template editing capability for staff users.", "Audit existing configurations for any custom templates that may still be rendered by the naive Jinja2 environment and replace them with safe defaults or the sandboxed renderer."], "summary": {"action": "Apply patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "InvenTree editions from version 1.2.3 up to and including 1.2.6 are impacted. The security issue was addressed in releases 1.2.7 and 1.3.0. The platform is an open\u2011source inventory management system, accessible to users with administrative privileges. No other vendors or product lines are listed within the vulnerability statement.", "description_and_impact": "The vulnerability arises from an unsanitized Jinja2 template rendering of custom part name formats in InvenTree. Although a previous fix introduced a sandboxed environment for validation, the production renderer continued to use the standard, insecure Jinja2 environment. This mismatch allows a staff member with settings access to supply a template that passes validation yet contains expressions that execute arbitrary code during actual rendering. The result is remote code execution within the application\u2019s context, potentially granting full control over the underlying system. The weakness corresponds to the specified CWE for insecure implementation of a sandboxed environment.", "risk_and_exploitability": "The CVSS score of 5.5 places the vulnerability in the medium severity range, while the EPSS score is not available and the flaw is not currently cataloged in CISA\u2019s KEV list. The likely attack vector is an internal privilege escalation, as exploitation requires a staff user with permission to modify system settings. If such access is obtained, the attacker can execute arbitrary code, impacting confidentiality, integrity, and availability. Although no public exploits have been reported yet, the combination of a known weakness, moderate severity, and required privileged access suggests a moderate to high risk for organizations running vulnerable InvenTree instances without timely remediation."}}}}, "created": "2026-04-09T08:18:21.013684+00:00", "updated": "2026-04-09T08:27:43.461678+00:00", "vendors": ["inventree", "inventree$PRODUCT$inventree"]}