CVE-2026-25731: Insecure Templite Engine
The `Templite` templating engine processes embedded Python expressions within templates. Initializing `Templite` with untrusted template data leads to Server-Side Template Injection (SSTI) and arbitrary Remote Code Execution. Replace the insecure `Templite` engine with a standard logic-less implementation like `pystache` (Mustache) or configure an isolated e
greprules fetch cve-2026-25731-insecure-templite-engine --engine opengrepDescription
The `Templite` templating engine processes embedded Python expressions within templates. Initializing `Templite` with untrusted template data leads to Server-Side Template Injection (SSTI) and arbitrary Remote Code Execution. Replace the insecure `Templite` engine with a standard logic-less implementation like `pystache` (Mustache) or configure an isolated e
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.