Search
Find a vulnerability
Search criteria
2 vulnerabilities found for PyBlade by AntaresMugisho
CVE-2026-5559 (GCVE-0-2026-5559)
Vulnerability from nvd – Published: 2026-04-05 10:15 – Updated: 2026-04-06 16:19
VLAI
EPSS
VEX
Title
AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
Summary
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355329 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355329/cti | signaturepermissions-required |
| https://vuldb.com/submit/782904 | third-party-advisory |
| https://github.com/AntaresMugisho/PyBlade/issues/1 | issue-tracking |
| https://github.com/AntaresMugisho/PyBlade/issues/… | exploitissue-tracking |
| https://github.com/AntaresMugisho/PyBlade/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AntaresMugisho | PyBlade |
Affected:
0.1.8-alpha
Affected: 0.1.9-alpha |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5559",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:19:26.099230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:19:35.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"AST Validation"
],
"product": "PyBlade",
"vendor": "AntaresMugisho",
"versions": [
{
"status": "affected",
"version": "0.1.8-alpha"
},
{
"status": "affected",
"version": "0.1.9-alpha"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhangxinyu06 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-791",
"description": "Incomplete Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T10:15:15.559Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355329 | AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355329"
},
{
"name": "VDB-355329 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355329/cti"
},
{
"name": "Submit #782904 | AntaresMugisho PyBlade v0.1.8-alpha through v0.2.0-alph Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782904"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/AntaresMugisho/PyBlade/issues/1"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/AntaresMugisho/PyBlade/issues/1#issue-4086730906"
},
{
"tags": [
"product"
],
"url": "https://github.com/AntaresMugisho/PyBlade/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T15:59:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5559",
"datePublished": "2026-04-05T10:15:15.559Z",
"dateReserved": "2026-04-04T13:54:35.492Z",
"dateUpdated": "2026-04-06T16:19:35.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5559 (GCVE-0-2026-5559)
Vulnerability from cvelistv5 – Published: 2026-04-05 10:15 – Updated: 2026-04-06 16:19
VLAI
EPSS
VEX
Title
AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
Summary
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355329 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355329/cti | signaturepermissions-required |
| https://vuldb.com/submit/782904 | third-party-advisory |
| https://github.com/AntaresMugisho/PyBlade/issues/1 | issue-tracking |
| https://github.com/AntaresMugisho/PyBlade/issues/… | exploitissue-tracking |
| https://github.com/AntaresMugisho/PyBlade/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AntaresMugisho | PyBlade |
Affected:
0.1.8-alpha
Affected: 0.1.9-alpha |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5559",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:19:26.099230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:19:35.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"AST Validation"
],
"product": "PyBlade",
"vendor": "AntaresMugisho",
"versions": [
{
"status": "affected",
"version": "0.1.8-alpha"
},
{
"status": "affected",
"version": "0.1.9-alpha"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhangxinyu06 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-791",
"description": "Incomplete Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T10:15:15.559Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355329 | AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355329"
},
{
"name": "VDB-355329 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355329/cti"
},
{
"name": "Submit #782904 | AntaresMugisho PyBlade v0.1.8-alpha through v0.2.0-alph Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782904"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/AntaresMugisho/PyBlade/issues/1"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/AntaresMugisho/PyBlade/issues/1#issue-4086730906"
},
{
"tags": [
"product"
],
"url": "https://github.com/AntaresMugisho/PyBlade/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T15:59:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5559",
"datePublished": "2026-04-05T10:15:15.559Z",
"dateReserved": "2026-04-04T13:54:35.492Z",
"dateUpdated": "2026-04-06T16:19:35.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}