CVE-2026-2969
datapizza-labs datapizza-ai Jinja2 Template prompt.py ChatPromptTemplate special elements used in a template engine
CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elements used in a template engine. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-1336 CWE-791 |
| Vendor | datapizza-labs |
| Product | datapizza-ai |
| Published | Feb 23, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for datapizza-labs datapizza-ai
Be the first to know when new medium vulnerabilities affecting datapizza-labs datapizza-ai are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
datapizza-labs / datapizza-ai
0.0.2
References
vuldb.com: https://vuldb.com/?id.347336 vuldb.com: https://vuldb.com/?ctiid.347336 vuldb.com: https://vuldb.com/?submit.755357 github.com: https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/ssti.md github.com: https://github.com/hacktivesec/datapizza-ai-disclosure/blob/main/ssti.md#poc
Credits
edoardottt ๐ edoardottt (VulDB User) edoardottt (VulDB User)