Mmabrouk

**Name of the Vulnerable Software and Affected Versions** Agenta versions prior to 0.86.8 **Description** Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) issue exists in the API server evaluator template rendering for versions prior to 0.86.8. The vulnerable code is within the SDK package but is executed server-side within the API process when running evaluators. This does not affect standalone SDK usage; it only impacts self-hosted or managed Agenta platform deployments. Server-Side Template Injection (SSTI) allows an attacker to inject malicious code into templates, potentially leading to remote code execution. **Recommendations** Upgrade to version 0.86.8 or later.