Description
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elements used in a template engine. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-23
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Server‑Side Template Injection (SSTI)
Action: Apply Patch
AI Analysis

Impact

The flaw resides in the ChatPromptTemplate function of datapizza‑ai‑core and allows an attacker to manipulate the Prompt argument used by the Jinja2 template engine. This improper neutralization of special elements results in a server‑side template injection that can lead to remote code execution. The weakness aligns with CWE‑1336 and CWE‑791.

Affected Systems

Affected systems are installations of datapizza‑labs datapizza‑ai version 0.0.2. No other versions or products are listed, and the impact is limited to that particular release.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.1 and an EPSS score below 1 %, indicating a modest severity with a very low likelihood of exploitation. It is not currently listed in the CISA KEV catalog. However, the description confirms that exploitation is possible from a remote source, and proof‑of‑concept code has been published, suggesting that an attacker could supply a crafted Prompt string to execute arbitrary code on the server.

Generated by OpenCVE AI on April 17, 2026 at 16:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade datapizza‑ai to a patched release that eliminates the Jinja2 template injection flaw.
  • Validate or sanitize all values passed to the Prompt argument, ensuring that template syntax characters are either escaped or disallowed.
  • Run the component that renders Jinja2 templates under the least‑privileged user account to limit the impact of a successful injection attack.
  • Monitor application logs for abnormal template rendering activity and enforce size limits to mitigate uncontrolled memory allocation.
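The vulnerable pattern described under Impact beside the hardened form the second recommended action calls for, as an added example that is not code from datapizza-ai or the advisory. It assumes the `jinja2` package is installed; the function names, the fixed template text and the probe string are hypothetical.

```python
"""Added illustration of a Jinja2 template-injection pattern and its fix.
Not datapizza-ai code; names and sample strings are constructed."""
import re

from jinja2 import Environment, StrictUndefined
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed user-controlled text. The arithmetic probe is harmless, but a
# template engine that evaluates it will evaluate anything else it is given.
USER_PROBE = "Summarise this ticket: {{ 7 * 7 }}"

# Jinja2 statement, expression and comment delimiters.
TEMPLATE_DELIMITERS = re.compile(r"\{\{|\{%|\{#")


def vulnerable_render(prompt: str) -> str:
    """Anti-pattern: the caller's string becomes the template *source*, so any
    Jinja2 syntax inside it is executed by the engine (CWE-1336 shape)."""
    return Environment().from_string(prompt).render()


def contains_template_syntax(value: str) -> bool:
    """Detection check for a value that is about to reach a template-building
    code path: true when it carries Jinja2 delimiters."""
    return TEMPLATE_DELIMITERS.search(value) is not None


def reject_if_templated(value: str) -> str:
    """Disallow rather than escape: refuse input containing template syntax."""
    if contains_template_syntax(value):
        raise ValueError("template syntax is not allowed in prompt values")
    return value


def safe_render(user_text: str) -> str:
    """Hardened form: the template source is a fixed, developer-owned string and
    the user text is supplied as a context variable, so it is treated as data.
    The sandboxed environment limits attribute access; StrictUndefined turns
    typos in the fixed template into errors instead of silent empty strings."""
    env = ImmutableSandboxedEnvironment(undefined=StrictUndefined)
    template = env.from_string(
        "System: you are a helpful assistant.\nUser: {{ user_text }}"
    )
    return template.render(user_text=user_text)
```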


Advisories

Source: Github GHSA
ID: GHSA-q5xx-fxv3-xxqf
Title: datapizza-ai: Server-Side Template Injection in ChatPromptTemplate via Jinja2 Template Handler
History

Tue, 24 Feb 2026 18:00:00 +0000

Values added (nothing removed):
  • First Time appeared: Datapizza; Datapizza datapizza Ai
  • CPEs: cpe:2.3:a:datapizza:datapizza_ai:0.0.2:*:*:*:*:*:*:*
  • Vendors & Products: Datapizza; Datapizza datapizza Ai

Mon, 23 Feb 2026 19:15:00 +0000

Values added (nothing removed):
  • Metrics: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Values added (nothing removed):
  • First Time appeared: Datapizza-labs; Datapizza-labs datapizza-ai
  • Vendors & Products: Datapizza-labs; Datapizza-labs datapizza-ai

Mon, 23 Feb 2026 04:15:00 +0000

Values added (nothing removed):
  • Description: A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elements used in a template engine. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
  • Title: datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine
  • Weaknesses: CWE-1336; CWE-791
  • References:
  • Metrics:
    cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T17:04:45.465Z

Reserved: 2026-02-22T08:12:07.038Z

Link: CVE-2026-2969

Vulnrichment

Updated: 2026-02-23T17:04:39.312Z

NVD

Status : Analyzed

Published: 2026-02-23T05:16:19.833

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2969

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T16:30:05Z

Weaknesses