PT-2026-6313 · Jinjava · Jinjava
Akues-An +1 · Published 2026-02-03 · Updated 2026-03-22 · CVE-2026-25526
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
JinJava versions prior to 2.7.6
JinJava versions prior to 2.8.3
Description
JinJava is a Java-based template engine that uses Django template syntax to render Jinja templates. A flaw in the ForTag component allows arbitrary Java execution. It bypasses the built-in sandbox restrictions, enabling arbitrary Java class instantiation and file access. An attacker can use the issue to circumvent security measures and potentially gain control of the system.
Recommendations
Update JinJava to version 2.7.6 or later.
Update JinJava to version 2.8.3 or later.
Affected Products
Jinjava