CVE-2026-35477
Published: 08 April 2026
Summary
CVE-2026-35477 is a medium-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in InvenTree (vendor: Inventree Project). Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 8.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
Flaw remediation (SI-2) requires timely patching to version 1.2.7 or 1.3.0, which directly addresses the incomplete sandboxing fix in the template renderer.
Least privilege (AC-6) restricts settings access to only the staff users who need it, limiting who can reach the template-crafting capability that exploitation requires.
Information input validation (SI-10) ensures malicious Jinja2 templates in PART_NAME_FORMAT are detected and rejected before rendering; however, because validation and production rendering differ in this flaw, validation alone is insufficient and the renderer itself must apply the same sandbox.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability is a server-side template injection (SSTI) in the Jinja2 renderer that allows a high-privilege staff user to bypass sandboxing and execute arbitrary Python code during template rendering. This maps directly to T1190 (Exploit Public-Facing Application) for the web application flaw and T1059.006 (Command and Scripting Interpreter: Python) for the resulting code execution.
NVD Description
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0.
Deeper analysis [AI]
CVE-2026-35477 is a vulnerability in InvenTree, an open-source inventory management system, affecting versions 1.2.3 through 1.2.6. It arises from an incomplete remediation of CVE-2026-27629 in the PART_NAME_FORMAT feature, where the validator was updated to use jinja2.sandbox.SandboxedEnvironment, but the renderer in part/helpers.py remained on the non-sandboxed jinja2.Environment. Additionally, the validator relies on a dummy Part instance with pk=None, causing conditional template expressions to evaluate differently during validation compared to production rendering. This flaw is classified under CWE-1336 with a CVSS v3.1 base score of 5.5 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).
A staff user with settings access and granted staff permissions can exploit the vulnerability by crafting a template that passes validation but executes arbitrary code during rendering. Exploitation requires high-privilege access and no user interaction; it is network-based with low attack complexity (per the vector) and results in low confidentiality and integrity impacts, with the scope changed because code runs outside the settings component's own authority.
The GitHub security advisory (GHSA-84jh-x777-8pqq) states that the issue is addressed in InvenTree versions 1.2.7 and 1.3.0, recommending upgrades to these releases for mitigation.
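The two defects the analysis describes (a validator and a renderer on different Jinja2 environments, and a pk=None dummy that leaves conditional branches unexercised) are easiest to see side by side. The following is an added illustration, not InvenTree's code: the Part dataclass, the fixtures and the template are constructed for this example, and the weak setup is shown next to the corrected one (one shared SandboxedEnvironment, validation against realistic fixtures).

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple
from jinja2 import Environment, StrictUndefined, TemplateSyntaxError
from jinja2.exceptions import SecurityError, UndefinedError
from jinja2.sandbox import SandboxedEnvironment

@dataclass
class Part:
    """Constructed stand-in for InvenTree's Part model (not the real model)."""
    pk: Optional[int]  # None for an unsaved (dummy) part
    name: str
    IPN: str = ""

# Weak setting: the unrestricted Environment the advisory describes for part/helpers.py.
LEGACY_ENV = Environment()
# Corrected setting: ONE sandboxed environment shared by validator and renderer;
# StrictUndefined makes the sandbox's "unsafe attribute" placeholder raise.
SANDBOX_ENV = SandboxedEnvironment(undefined=StrictUndefined)

def render_part_name(src: str, part: Part, env: Environment = SANDBOX_ENV) -> str:
    """Render PART_NAME_FORMAT for one part; under SANDBOX_ENV an unsafe
    attribute access raises SecurityError instead of rendering."""
    return env.from_string(src).render(part=part)

def validate_part_name_format(src: str, fixtures: Iterable[Part],
                              env: Environment = SANDBOX_ENV) -> Tuple[bool, str]:
    """Validate with the renderer's own env against realistic fixtures (saved
    parts with a pk) so every branch production can take is exercised here."""
    try:
        for part in fixtures:
            render_part_name(src, part, env)
    except (SecurityError, UndefinedError, TemplateSyntaxError) as exc:
        return False, f"rejected: {type(exc).__name__}: {exc}"
    return True, "ok"

# Constructed fixtures: the pk=None validation dummy and a saved part.
DUMMY_PART = Part(pk=None, name="dummy")
SAVED_PART = Part(pk=42, name="Resistor 10k", IPN="R-0042")
# Constructed template: its pk branch is unreachable while validation only sees the dummy.
BRANCHING = "{% if part.pk %}{{ part.__class__ }}{% else %}{{ part.name }}{% endif %}"

def demo() -> dict:
    """Fate of the branching template under the weak and the corrected setup."""
    return {
        # Weak: dummy-only validation accepts it, then the unsandboxed renderer runs the pk branch.
        "weak_validation": validate_part_name_format(BRANCHING, [DUMMY_PART])[0],
        "weak_render": render_part_name(BRANCHING, SAVED_PART, LEGACY_ENV),
        # Corrected: shared sandbox plus a realistic fixture rejects it up front.
        "fixed": validate_part_name_format(BRANCHING, [DUMMY_PART, SAVED_PART]),
    }
```

Run `demo()` to compare: the weak path accepts the template and renders the guarded branch in production, while the corrected validator rejects it with a SecurityError before it is ever saved.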
Details
- CWE(s)