CVE-2026-27961

Agenta's Server-Side Template Injection (SSTI) via custom evaluator Jinja2 templates allows RCE

CVSS 8.8 HIGHEPSS 0.3%CWE-1336

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

26 Feb 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when running evaluators. This does not affect standalone SDK usage — it only impacts self-hosted or managed Agenta platform deployments. Version 0.86.8 contains a fix for the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Agenta-AI · agenta

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Agenta-AI/agenta/security/advisories/GHSA-cfr2-mp74-3763