Server Side Template Injection in Datapizza Labs Datapizza-AI Product
CVE-2026-2969

5.1MEDIUM

Key Information:

Vendor

Datapizza-labs

Status
Datapizza-ai
Vendor
CVE Published:
23 February 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-2969?

A significant flaw has been identified within the Datapizza Labs Datapizza-AI product, specifically in the ChatPromptTemplate function located in the 'datapizza-ai-core/datapizza/modules/prompt/prompt.py' module. This vulnerability arises from improper neutralization of special elements within the Jinja2 Template Handler. As a result, it allows for potential remote exploitation, putting systems at risk. Despite early notification to the vendor regarding the security issue, there has been no response, leaving systems vulnerable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

datapizza-ai 0.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-2969 - Proof of Concept

References

https://vuldb.com/?id.347336
vdb-entrytechnical-description
https://vuldb.com/?ctiid.347336
signaturepermissions-required
https://vuldb.com/?submit.755357
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

edoardottt
edoardottt (VulDB User)
edoardottt (VulDB User)
JSON
.