Home / Vulnerability Intelligence / CVE-2026-27961

CVE-2026-27961 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: February 27, 2026

Agenta - Server Side Template Injection

Published: February 26, 2026Updated: February 27, 2026Remote Exploitable

Overview

Agenta < 0.86.8 contains a server side template injection caused by unsafe template rendering in the API server evaluator, letting remote attackers execute arbitrary code server-side, exploit requires API server usage.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 4.7%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code on the server, potentially leading to full system compromise.

Mitigation

Upgrade to version 0.86.8 or later.

References

https://github.com/Agenta-AI/agenta/security/advisories/GHSA-cfr2-mp74-3763

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 26, 2026

🟠 CVE-2026-27961 - High (8.8) Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is ex... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27961/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-27961
Severity: High
CVSS Score: 8.8
Type: template_injection
Status: unconfirmed
EPSS: 4.7%
Social Posts: 1

CWE

CWE-1336

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.7%Probability of exploitation in the next 30 days