EXECUTIVE SUMMARY:
CVE-2026-44209, with a CVSS score of 7.5, is a vulnerability in the `banks` package that allows Critical Remote Code Execution (RCE) via Jinja2 Server-Side Template Injection (SSTI). The affected product is `banks`; the impacted versions are `<= 2.4.1`. The vulnerability arises because `banks` uses an unsandboxed `jinja2.Environment()` to render prompt templates, so any application that passes a user-supplied string as the template argument to `Prompt()` is exposed to RCE on the host system. An attacker can exploit this by passing specially crafted input to `Prompt()`, which lets them execute arbitrary commands on the host, with consequences that include data exfiltration and server compromise. The business impact of exploitation is severe: applications that allow end users to supply or customize prompt templates are at risk of full RCE. To exploit this vulnerability, an attacker requires access to an application that stores prompt templates in a database, accepts them via an API, or loads them from a user-supplied config file, and passes them to `Prompt()`.
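The unsafe pattern the summary describes, rendering a user-controlled string as Jinja2 template source, shown beside two defensive patterns: treating user text as a template variable (which Jinja2 never parses) and a pre-render check that flags input containing template logic. This is an added example written for this page, not code from the advisory or from the `banks` project; `USER_INPUT` is a constructed stand-in for text an end user might submit.

```python
from jinja2 import Environment, TemplateSyntaxError, nodes
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed example of end-user text (e.g. received over an API or read
# from a user-supplied config file). It contains a Jinja2 expression.
USER_INPUT = "Summarize this: {{ 7 * 7 }}"


def render_unsafe(user_string: str) -> str:
    """The vulnerable pattern: user text becomes template *source*, so any
    {{ ... }} it carries is evaluated by an unsandboxed Environment with
    full access to Python objects (the situation in banks <= 2.4.1)."""
    env = Environment()  # unsandboxed
    return env.from_string(user_string).render()


def render_as_data(user_string: str) -> str:
    """Fix: keep the template developer-owned and pass user text in as a
    variable. Variable values are substituted, never parsed, so template
    syntax inside them stays literal. A sandboxed environment is used as
    defence in depth for the developer-owned template itself."""
    env = ImmutableSandboxedEnvironment(autoescape=False)
    template = env.from_string("Instruction: {{ user_text }}")
    return template.render(user_text=user_string)


def contains_template_logic(user_string: str) -> bool:
    """Guard for code paths that cannot avoid treating a string as template
    source: parse it and report whether the AST holds anything beyond plain
    text. Unparseable input is reported as suspicious rather than passed on."""
    try:
        tree = Environment().parse(user_string)
    except TemplateSyntaxError:
        return True
    plain = (nodes.Template, nodes.Output, nodes.TemplateData)
    return any(not isinstance(n, plain) for n in tree.find_all(nodes.Node))
```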
RECOMMENDATION:
We recommend updating banks to version 2.4.2.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-gphh-9q3h-jgpp