CVE-2026-29514 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: May 4, 2026
NetBox - Remote Code Execution
Published: May 4, 2026Updated: May 4, 2026Remote Exploitable
Overview
NetBox 4.3.5 through 4.5.4 contains a remote code execution vulnerability caused by improper handling of environment_params in RenderTemplateMixin.get_environment_params(), letting authenticated users with exporttemplate or configtemplate permissions execute arbitrary code by specifying malicious Python callables, exploit requires specific permissions.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated users with specific permissions can execute arbitrary code as the NetBox service user, potentially compromising the entire system.
Mitigation
Update to the latest version beyond 4.5.4.
References
Related Resources
Details
- CVE ID
- CVE-2026-29514
- Severity
- High
- CVSS Score
- 8.8
- Type
- undefined
- Status
- new
CWE
- CWE-183
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H