PT-2026-22105 · Agenta · Agenta

Mmabrouk · Published 2026-02-26 · Updated 2026-03-19 · CVE-2026-27961

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Agenta versions prior to 0.86.8

Description

Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) issue exists in the API server evaluator template rendering for versions prior to 0.86.8. The vulnerable code is within the SDK package but is executed server-side within the API process when running evaluators. This does not affect standalone SDK usage; it only impacts self-hosted or managed Agenta platform deployments. Server-Side Template Injection (SSTI) allows an attacker to inject malicious code into templates, potentially leading to remote code execution.

Recommendations

Upgrade to version 0.86.8 or later.

Exploit

Fix

RCE

Related Identifiers

CVE-2026-27961
GHSA-CFR2-MP74-3763
PYSEC-2026-7

Affected Products

Agenta