Description

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing built-in sandbox restrictions. This issue has been patched in versions 2.7.6 and 2.8.3.

INFO

Published Date :

2026-02-04T21:26:58.572Z

Last Modified :

2026-02-05T21:01:00.454Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25526 vulnerability.

Vendors Products
Hubspot
  • Jinjava
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25526.

URL Resource
https://github.com/HubSpot/jinjava/commit/3d02e504d8bbb13bf3fe019e9ca7b51dfce7a998 cve-icon cve-icon
https://github.com/HubSpot/jinjava/commit/c7328dce6030ac718f88974196035edafef24441 cve-icon cve-icon
https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.7.6 cve-icon cve-icon
https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.8.3 cve-icon cve-icon
https://github.com/HubSpot/jinjava/security/advisories/GHSA-gjx9-j8f8-7j74 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact