CVE-2026-25526

{"id": "CVE-2026-25526", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-04T22:15:59.510", "references": [{"url": "https://github.com/HubSpot/jinjava/commit/3d02e504d8bbb13bf3fe019e9ca7b51dfce7a998", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/HubSpot/jinjava/commit/c7328dce6030ac718f88974196035edafef24441", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.7.6", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.8.3", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/HubSpot/jinjava/security/advisories/GHSA-gjx9-j8f8-7j74", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1336"}]}], "descriptions": [{"lang": "en", "value": "JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing built-in sandbox restrictions. This issue has been patched in versions 2.7.6 and 2.8.3."}, {"lang": "es", "value": "JinJava es un motor de plantillas basado en Java, basado en la sintaxis de plantillas de Django, adaptado para renderizar plantillas Jinja. Antes de las versiones 2.7.6 y 2.8.3, JinJava es vulnerable a la ejecuci\u00f3n arbitraria de Java a trav\u00e9s de un bypass mediante ForTag. Esto permite la instanciaci\u00f3n arbitraria de clases Java y el acceso a archivos eludiendo las restricciones de sandbox integradas. Este problema ha sido parcheado en las versiones 2.7.6 y 2.8.3."}], "lastModified": "2026-02-20T21:00:42.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hubspot:jinjava:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC9EFEAD-5907-4796-A5F8-401DF7A9319A", "versionEndExcluding": "2.7.6"}, {"criteria": "cpe:2.3:a:hubspot:jinjava:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "959D6165-C81D-4F46-B188-E1B1BAEA5266", "versionEndExcluding": "2.8.3", "versionStartIncluding": "2.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}