{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T22:08:51.349","vulnerabilities":[{"cve":{"id":"CVE-2026-27961","sourceIdentifier":"security-advisories@github.com","published":"2026-02-26T02:16:23.483","lastModified":"2026-03-02T18:40:39.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when running evaluators. This does not affect standalone SDK usage — it only impacts self-hosted or managed Agenta platform deployments. Version 0.86.8 contains a fix for the issue."},{"lang":"es","value":"Agenta es una plataforma LLMOps de código abierto. Una vulnerabilidad de inyección de plantillas del lado del servidor (SSTI) existe en versiones anteriores a la 0.86.8 en la renderización de plantillas del evaluador del servidor API de Agenta. Aunque el código vulnerable reside en el paquete SDK, se ejecuta del lado del servidor dentro del proceso de la API al ejecutar evaluadores. Esto no afecta el uso autónomo del SDK — solo afecta las implementaciones de la plataforma Agenta autoalojadas o gestionadas. La versión 0.86.8 contiene una solución para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1336"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:agentatech:agenta:*:*:*:*:*:*:*:*","versionEndExcluding":"0.86.8","matchCriteriaId":"FF609F89-BEC4-4CB7-8818-18575B3796E2"}]}]}],"references":[{"url":"https://github.com/Agenta-AI/agenta/security/advisories/GHSA-cfr2-mp74-3763","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}