CISA alerts on Genshi SSTI leading to RCE
The Genshi Python template engine contains a server-side template injection (SSTI) flaw that can allow execution of arbitrary code on the host running the affected application.
This issue is tracked as CVE-2026-0685 and affects the Genshi library maintained by Edgewall. Genshi evaluates template expressions such as ${…} via its internal expression evaluator in eval.py, using Python’s eval() and exec() functions. During evaluation, name resolution is performed by lookup_name(), and when a name is absent from the provided template data Genshi falls back to Python’s built-in namespace, which includes functions such as globals() and __import__(). When an attacker can control or inject template expressions, those built-in objects can be accessed and chained.
If an attacker can influence or inject template expressions, the vulnerability permits arbitrary code execution with the privileges of the running application. The advisory lists potential impacts including executing operating system commands, deploying reverse shells or web shells, unauthorized access to sensitive data, or full compromise of the affected server, and notes that the issue turns SSTI into remote code execution (RCE).
At the time of publication, Genshi has not released an update addressing this issue. The advisory states that, until an official patch or vendor guidance is available, the interim mitigations below are recommended.
The advisory’s recommended mitigations are: do not allow untrusted users to control template expressions or template sources and treat templates as executable code; restrict or eliminate access to Python built-ins during template evaluation; avoid using eval() or exec() on dynamically constructed expressions when untrusted input is involved; and, if user-defined templates are required, render them in a hardened sandbox environment.
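The following is an added example, written for this page and not code from Genshi or CISA, that models the name-resolution behaviour described above and the second mitigation (restricting access to Python built-ins during evaluation). It mirrors Genshi's design in miniature: bare names in an expression are rewritten into calls to a lookup function, and that lookup alone decides what a name absent from the template data resolves to. The lenient lookup falls back to the real built-in namespace, so a name such as globals resolves to the built-in function; the hardened lookup consults only a small allow-list and raises for everything else. The names lenient_lookup, strict_lookup, SAFE_BUILTINS and UndefinedError are this example's own, and the exact shape of Genshi's AST rewrite is simplified.

```python
"""Model of Genshi-style expression evaluation with an unrestricted and a
hardened name lookup. Added example; not Genshi's own code."""
import ast
import builtins


class UndefinedError(NameError):
    """Raised by the hardened lookup for any name the caller did not supply."""


class _NameRewriter(ast.NodeTransformer):
    """Rewrite each loaded bare name `x` into `__lookup_name__(__data__, 'x')`.

    This is the shape of Genshi's transform (simplified): every name goes
    through one lookup function instead of normal Python scoping.
    """

    def visit_Name(self, node):
        if not isinstance(node.ctx, ast.Load):
            return node
        call = ast.Call(
            func=ast.Name(id="__lookup_name__", ctx=ast.Load()),
            args=[ast.Name(id="__data__", ctx=ast.Load()),
                  ast.Constant(node.id)],
            keywords=[],
        )
        return ast.copy_location(call, node)


def compile_expression(source):
    """Parse a template expression and route all names through the lookup."""
    tree = ast.parse(source, mode="eval")
    tree = ast.fix_missing_locations(_NameRewriter().visit(tree))
    return compile(tree, "<template-expr>", "eval")


def lenient_lookup(data, name):
    """Vulnerable pattern (modelled): unknown names fall back to builtins."""
    if name in data:
        return data[name]
    try:
        return vars(builtins)[name]   # includes globals, __import__, ...
    except KeyError:
        raise UndefinedError(name) from None


# Allow-list of harmless helpers a template legitimately needs (assumption).
SAFE_BUILTINS = {"len": len, "str": str, "int": int, "min": min,
                 "max": max, "sorted": sorted}


def strict_lookup(data, name):
    """Hardened lookup: template data, then a fixed allow-list, nothing else."""
    if name in data:
        return data[name]
    if name in SAFE_BUILTINS:
        return SAFE_BUILTINS[name]
    raise UndefinedError(name)


def evaluate(source, data, lookup):
    """Evaluate an expression with the given name-resolution policy."""
    code = compile_expression(source)
    # An empty __builtins__ keeps eval() from injecting the real built-in
    # namespace; resolution now happens only through `lookup`.
    env = {"__builtins__": {}, "__lookup_name__": lookup, "__data__": data}
    return eval(code, env)


def resolves(source, data, lookup):
    """True if the expression evaluates without hitting an undefined name."""
    try:
        evaluate(source, data, lookup)
        return True
    except UndefinedError:
        return False


if __name__ == "__main__":
    # Constructed sample data standing in for a template context.
    ctx = {"items": ["a", "b", "c"], "user": "alice"}
    print(evaluate("user + ' has ' + str(len(items))", ctx, strict_lookup))
    for name in ("len", "globals", "__import__"):
        print(f"{name:12s} lenient={resolves(name, ctx, lenient_lookup)!s:5s} "
              f"strict={resolves(name, ctx, strict_lookup)}")
```

Genshi itself exposes an equivalent seam as the lookup class its templates accept (the LookupBase subclasses in eval.py); the page does not describe that hook, so mapping this allow-list onto it is the editor's assumption and should be checked against the version in use.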