CVE-2026-34172 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2026-34172

CVE-2026-34172

March 31, 2026

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enables full remote code execution via Jinja2 class traversal. The method name chat and parameter name message naturally invite passing user input directly, but the string is silently parsed as a Jinja2 template, not treated as plain text. This issue has been patched in versions 0.3.4 and 1.0.2b1.

Affected Packages

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=0.3.0 <0.3.4

Fix Suggestion:

Update to version 0.3.4

giskard-agents (PYTHON):

Affected version(s) >=1.0.1a1 <1.0.2b1

Fix Suggestion:

Update to version 1.0.2b1

Related Resources (2)

https://github.com/Giskard-AI/giskard-oss

https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-frv4-x25r-588m

Do you need more information?

CVSS v4

Base Score:

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

PRESENT

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Improper Neutralization of Special Elements Used in a Template Engine

CWE-1336

Products

Solutions

Resources

Company

Compare

Developer Tools