Description
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0.
Published: 2026-04-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Apply patch
AI Analysis

Impact

The vulnerability arises from rendering custom part name formats in InvenTree through a non-sandboxed Jinja2 environment. Although a previous fix introduced a sandboxed environment for validation, the production renderer continued to use the standard jinja2.Environment. This mismatch allows a staff member with settings access to supply a template that passes validation yet contains expressions that execute arbitrary code when it is actually rendered. The result is remote code execution within the application’s context, potentially granting full control over the underlying system. The weakness is classified as CWE-1336 (improper neutralization of special elements used in a template engine).
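The mismatch described above, reproduced as an added example (this is not InvenTree's code; the `Part` dataclass, the validator and renderer functions, and both templates are stand-ins constructed here). The vulnerable pair validates with `SandboxedEnvironment` against an unsaved probe (`pk=None`) but renders with a plain `jinja2.Environment`, so a template whose `{% if part.pk %}` branch is only taken on a saved part is never exercised by the validator. The hardened pair renders with the same sandbox and validates against a saved-looking probe as well, so the sandbox raises `SecurityError` at validation time instead of the template reaching production.

```python
"""Added example (not InvenTree's own code): a minimal reproduction of the
validate/render mismatch described above, next to the hardened form.

Assumptions (stand-ins, not taken from the advisory or the project):
  * `Part` is a tiny dataclass standing in for the Part model; an unsaved
    instance has pk=None, as the advisory says the validator's dummy does.
  * The template context only exposes `part`, and the functions below replace
    InvenTree's real validator and renderer.
"""
from dataclasses import dataclass
from typing import Optional

import jinja2
from jinja2.exceptions import SecurityError, TemplateError
from jinja2.sandbox import SandboxedEnvironment


@dataclass
class Part:
    """Stand-in for the Part model (constructed for this example)."""
    pk: Optional[int]
    name: str


# Constructed template: harmless on an unsaved part, but on a saved part it
# reaches a dunder attribute, which the Jinja2 sandbox refuses to resolve.
PK_GATED_TEMPLATE = (
    "{% if part.pk %}{{ part.__class__.__name__ }}"
    "{% else %}{{ part.name }}{% endif %}"
)
BENIGN_TEMPLATE = "{{ part.name }}-{{ part.pk }}"


def validate_vulnerable(template: str) -> bool:
    """Sandboxed validation against a dummy, unsaved Part (pk=None).

    The sandbox itself is correct, but because the probe has pk=None any
    branch gated on `part.pk` is never executed during validation.
    """
    env = SandboxedEnvironment()
    try:
        env.from_string(template).render(part=Part(pk=None, name="dummy"))
        return True
    except TemplateError:  # SecurityError is a TemplateError subclass
        return False


def render_vulnerable(template: str, part: Part) -> str:
    """Production rendering with the plain, non-sandboxed Environment."""
    return jinja2.Environment().from_string(template).render(part=part)


def render_hardened(template: str, part: Part) -> str:
    """Fixed renderer: the same SandboxedEnvironment the validator uses.

    Raises jinja2.exceptions.SecurityError on unsafe attribute access.
    """
    return SandboxedEnvironment().from_string(template).render(part=part)


def validate_hardened(template: str) -> bool:
    """Sandboxed validation against both an unsaved and a saved-looking
    probe, so that pk-gated branches are exercised as well."""
    env = SandboxedEnvironment()
    try:
        compiled = env.from_string(template)
        for probe in (Part(pk=None, name="dummy"), Part(pk=1, name="dummy")):
            compiled.render(part=probe)
        return True
    except TemplateError:
        return False


def hardened_render_rejects(template: str, part: Part) -> bool:
    """True if the hardened renderer refuses the template with SecurityError."""
    try:
        render_hardened(template, part)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    saved = Part(pk=1, name="Widget")
    print("vulnerable validate accepts:", validate_vulnerable(PK_GATED_TEMPLATE))
    print("vulnerable render gives:", render_vulnerable(PK_GATED_TEMPLATE, saved))
    print("hardened render rejects:", hardened_render_rejects(PK_GATED_TEMPLATE, saved))
    print("hardened validate accepts:", validate_hardened(PK_GATED_TEMPLATE))
    print("benign template renders:", render_hardened(BENIGN_TEMPLATE, saved))
```

The two defensive points the example makes are independent: the renderer must use the same sandbox as the validator (otherwise validation proves nothing about production), and validation must exercise the template with data shaped like what production will pass, since a probe that can never take a branch cannot reject what that branch does.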

Affected Systems

InvenTree releases from version 1.2.3 up to and including 1.2.6 are affected. The issue was addressed in releases 1.2.7 and 1.3.0. The platform is an open‑source inventory management system; the affected setting is reachable only by users with staff (administrative) privileges. No other vendors or product lines are listed in the vulnerability statement.

Risk and Exploitability

The CVSS score of 5.5 places the vulnerability in the medium severity range; the EPSS score is below 1% and the flaw is not currently cataloged in CISA’s KEV list. The likely attack vector is internal privilege escalation, as exploitation requires a staff user with permission to modify system settings. If such access is obtained, the attacker can execute arbitrary code, impacting confidentiality, integrity, and availability. Although no public exploits have been reported yet, the combination of a known weakness, moderate severity, and an already-privileged starting point suggests a moderate to high risk for organizations running vulnerable InvenTree instances without timely remediation.

Generated by OpenCVE AI on April 8, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update InvenTree to version 1.2.7 or newer to apply the sandboxed rendering fix.
  • If an immediate update is not possible, remove or disable the PART_NAME_FORMAT template editing capability for staff users.
  • Audit existing configurations for any custom templates that may still be rendered by the naive Jinja2 environment and replace them with safe defaults or the sandboxed renderer.


Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Inventree; Inventree inventree
Vendors & Products   (none)           Inventree; Inventree inventree

Wed, 08 Apr 2026 19:45:00 +0000

Type          Values Removed   Values Added
Description   (none)           InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0.
Title         (none)           InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape
Weaknesses    (none)           CWE-1336
References    (none)
Metrics       (none)           cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-08T19:20:58.967Z

Reserved: 2026-04-02T20:49:44.453Z

Link: CVE-2026-35477

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-08T20:16:24.487

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-35477

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:27:43Z

Weaknesses