PT-2026-32984 · Unknown · Giskard-Checks

Published: 2026-04-14 · Updated: 2026-04-19 · CVE-2026-40320

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: giskard-checks versions prior to 1.0.2b1
Description: The ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, which silently interpreted template expressions at runtime. If check definitions are loaded from an untrusted source, such as a shared project file or externally contributed configuration, a crafted rule string could lead to arbitrary code execution. Exploitation requires write access to a check definition and the subsequent execution of the test suite. This behavior occurs in the conformity.py file where the rule parameter is processed.
Recommendations: Update to version 1.0.2b1 or later.
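As an added illustration of the defensive side of this finding (example code, not code from the giskard-checks project and not its actual fix): an audit routine that flags check definitions whose rule field carries Jinja2 template delimiters, and a rendering path that only substitutes $name placeholders via Python's standard-library string.Template, so the rule string can never evaluate expressions. The sample check definitions, the $placeholder convention and all function names here are constructed assumptions for this example.

```python
import re
from string import Template as PlaceholderTemplate  # stdlib; not Jinja2

# Jinja2 delimiters: {{ }} expressions, {% %} statements, {# #} comments.
# Any of these in an untrusted rule string is a signal worth auditing.
_JINJA_DELIMITERS = re.compile(r"\{\{|\}\}|\{%|%\}|\{#|#\}")


def find_template_syntax(rule: str) -> list:
    """Return every Jinja2 delimiter found in a rule string (empty when clean)."""
    return _JINJA_DELIMITERS.findall(rule)


def audit_check_definitions(checks: list) -> list:
    """Flag check definitions whose 'rule' field contains template syntax.

    Meant to run over definitions loaded from a shared project file or an
    externally contributed configuration before any test suite executes them.
    """
    findings = []
    for check in checks:
        hits = find_template_syntax(check.get("rule", ""))
        if hits:
            findings.append({
                "name": check.get("name"),
                "delimiters": sorted(set(hits)),
            })
    return findings


def render_rule(rule: str, context: dict) -> str:
    """Fill a rule with plain placeholder substitution only.

    string.Template knows $name / ${name} and nothing else: no attribute
    access, no calls, no statements, so the rule text cannot execute code.
    Rules that still carry Jinja2 syntax are refused rather than rendered.
    """
    if find_template_syntax(rule):
        raise ValueError("rule contains template syntax; refusing to render")
    # safe_substitute leaves unknown placeholders untouched instead of raising.
    return PlaceholderTemplate(rule).safe_substitute(context)


# Constructed sample check definitions (hypothetical names and rules).
SAMPLE_CHECKS = [
    {"name": "tone", "rule": "The answer to $question must be polite."},
    {"name": "suspicious", "rule": "Check {{ something }} here"},
    {"name": "block", "rule": "{% if x %}...{% endif %}"},
]


if __name__ == "__main__":
    for finding in audit_check_definitions(SAMPLE_CHECKS):
        print("flagged:", finding)
    print(render_rule(SAMPLE_CHECKS[0]["rule"], {"question": "Q1"}))
```

Running the audit first and the renderer second gives two layers: the audit surfaces rules that look like templates so a reviewer can inspect the source of the definition, and the renderer guarantees that whatever slips through is treated as text with placeholders, never as an expression language.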

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-40320
GHSA-7XJM-G8F4-RP26

Affected Products

Giskard-Checks