CVE-2026-40320
Published 2026-04-17
Priority P3 · 43 · high · CVSS 3.1: 7.8
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.14% (4.1th percentile)
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted source, a crafted rule string could achieve arbitrary code execution. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| giskard-ai | giskard-oss | < 1.0.2b1 | 1.0.2b1 |
| giskard | giskard | < 1.0.2 | 1.0.2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.4 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Giskard-AI giskard-oss up to 1.0.2b0 Rule Template special elements used in a template engine (GHSA-7xjm-g8f4-rp26)
vuldb·2026-04-17·CVSS 5.4
CVE-2026-40320 [MEDIUM] Giskard-AI giskard-oss up to 1.0.2b0 Rule Template special elements used in a template engine (GHSA-7xjm-g8f4-rp26)
A vulnerability described as problematic has been identified in Giskard-AI giskard-oss up to 1.0.2b0. The impacted element is the function Template of the component Rule Handler. Executing a manipulation can lead to improper neutralization of special elements used in a template engine.
This vulnerability is registered as CVE-2026-40320. The attack needs to be launched locally. No exploit is available.
Upgrading the affected component is recommended.
GHSA
Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck
ghsa·2026-04-14
CVE-2026-40320 [MEDIUM] CWE-1336 Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck
## Summary
The `ConformityCheck` class in `giskard-checks` rendered the `rule` parameter through Jinja2's default `Template()` constructor. Because the `rule` string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at runtime. In a scenario where check definitions are loaded from an untrusted source (e.g. a shared project file or externally contributed configuration), this could lead to arbitrary code execution.
`giskard-checks` is a local developer testing library with no network-facing service. Check definitions, including the `rule` parameter, are provided in application code or project configuration files and executed loca
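A pre-run audit for the risk described in the summary, as an added example that is not part of the advisory or of Giskard's code: it walks check definitions and reports every `rule` string containing Jinja2's default delimiters, so those rules can be reviewed before the suite is executed. The JSON layout, every key other than `rule`, and the names `find_template_rules` and `audit` are assumptions made for illustration.

```python
import json
import re

# Default Jinja2 delimiters: {{ expression }}, {% statement %}, {# comment #}.
JINJA_OPENERS = re.compile(r"\{\{|\{%|\{#")


def find_template_rules(node, path="$"):
    """Walk parsed check definitions and yield (path, rule) for every
    `rule` string that Jinja2 would treat as template syntax."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "rule" and isinstance(value, str):
                if JINJA_OPENERS.search(value):
                    yield child, value
            else:
                # Non-string values (including a nested object under `rule`)
                # are searched recursively.
                yield from find_template_rules(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_template_rules(item, f"{path}[{i}]")


def audit(text):
    """Return all findings for one JSON document of check definitions."""
    return list(find_template_rules(json.loads(text)))


# Constructed sample; the layout is an assumption, not Giskard's real schema.
SAMPLE = """
{
  "suite": "support-bot",
  "checks": [
    {"type": "conformity", "rule": "The answer must be polite."},
    {"type": "conformity", "rule": "Reply mentions {{ product_name }}."},
    {"group": [{"type": "conformity", "rule": "{% if strict %}No slang.{% endif %}"}]}
  ]
}
"""

if __name__ == "__main__":
    for where, rule in audit(SAMPLE):
        print(f"REVIEW {where}: {rule!r}")
```

A match means only that the rule will be interpreted as a template on affected versions; whether that is intended is a review decision, and upgrading to the fixed release remains the remedy.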
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-17
Published