{"id":"PYSEC-2026-7","details":"Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when running evaluators. This does not affect standalone SDK usage — it only impacts self-hosted or managed Agenta platform deployments. Version 0.86.8 contains a fix for the issue.","aliases":["CVE-2026-27961","GHSA-cfr2-mp74-3763"],"modified":"2026-05-20T09:18:51.078113Z","published":"2026-02-26T02:16:23.483Z","references":[{"type":"ADVISORY","url":"https://github.com/Agenta-AI/agenta/security/advisories/GHSA-cfr2-mp74-3763"}],"affected":[{"package":{"name":"agenta","ecosystem":"PyPI","purl":"pkg:pypi/agenta"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.86.8"}]}],"versions":["0.1.0","0.1.1","0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.18","0.1.19","0.1.2","0.1.21","0.1.22","0.1.23","0.1.24","0.1.25","0.1.26","0.1.27","0.1.28","0.1.29","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.10.0","0.10.1","0.10.2","0.10.3","0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.12.6","0.12.7","0.13.0","0.13.0a0","0.13.0a1","0.13.0a2","0.13.0a3","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.7a0","0.13.8","0.14.0","0.14.1","0.14.10","0.14.11","0.14.12","0.14.12a0","0.14.12a1","0.14.12a2","0.14.13","0.14.14","0.14.14a0","0.14.14a1","0.14.1a0","0.14.1a1","0.14.2","0.14.3","0.14.4","0.14.5","0.14.6","0.14.6a0","0.14.7","0.14.7a0","0.14.7a1","0.14.8","0.14.8a0","0.14.9","0.15.0","0.15.0a0","0.15.0a1","0.15.0a2","0.15.0a3","0.15.0a4","0.16.0","0.17.0","0.17.1","0.17.2","0.17.3","0.17.4","0.17.4a0","0.17.5","0.17.6a0","0.17.6a1","0.18.0","0.19.0","0.19.1","0.19.1a0","0.19.2","0.19.3","0.19.4","0.19.5","0.19.6","0.19.6a0","0.19.7","0.19.8","0.19.8a0","0.19.9","0.2.0","0.2.10","0.2.11","0.2.12","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.20.0a0","0.20.0a1","0.20.0a10","0.20.0a11","0.20.0a12","0.20.0a13","0.20.0a3","0.20.0a4","0.20.0a6","0.20.0a7","0.20.0a8","0.20.0a9","0.21.0a1","0.21.0b1","0.22.0","0.23.0","0.23.0a1","0.24.0","0.24.1","0.24.1a0","0.24.2","0.24.2a1","0.24.2a2","0.24.3","0.24.3a1","0.24.4","0.25.0","0.25.1","0.25.2","0.25.3","0.25.3a1","0.25.4","0.25.4a1","0.25.4a2","0.25.4a3","0.25.4a4","0.26.0","0.26.0a0","0.27.0","0.27.0a0","0.27.0a1","0.27.0a12","0.27.0a13","0.27.0a15","0.27.0a2","0.27.0a5","0.27.0a6","0.27.0a7","0.27.0a8","0.27.0a9","0.27.1","0.27.2","0.27.2a2","0.27.3","0.27.4a0","0.27.4a1","0.27.5","0.27.5a1","0.27.6","0.27.6a0","0.27.6a1","0.27.6a2","0.27.6a3","0.27.7","0.27.7a0","0.27.7a1","0.27.7a2","0.27.8a2","0.28.0","0.28.0a1","0.28.0a2","0.28.0a3","0.28.0a4","0.28.1","0.28.2a1","0.28.2a2","0.29.0","0.3.0","0.3.1","0.30.0","0.30.0a1","0.30.0a2","0.30.0a3","0.30.0a4","0.30.0a6","0.31.0","0.31.0a1","0.32.0","0.32.0a1","0.32.0a2","0.33.0","0.33.0a1","0.33.0a3","0.33.1","0.33.2","0.33.3","0.33.4","0.33.5","0.33.6","0.33.7","0.33.8","0.34.1","0.34.3","0.34.4","0.34.5","0.34.6","0.34.7","0.35.0","0.35.1","0.35.2","0.36.0","0.36.1","0.36.2","0.36.3","0.36.4","0.36.5","0.37.0","0.37.1","0.37.2","0.37.3","0.38.0","0.38.1","0.38.2","0.39.0","0.39.1","0.39.2","0.39.3","0.39.4","0.4.0","0.4.1","0.40.0","0.41.0","0.41.1","0.42.0","0.42.1","0.42.2","0.43.0","0.43.1","0.44.0","0.44.3","0.44.4","0.45.0","0.45.1","0.45.2","0.45.3","0.45.4","0.46.0","0.46.1","0.47.0","0.48.0","0.48.1","0.48.10","0.48.2","0.48.3","0.48.4","0.48.5","0.48.6","0.48.7","0.48.8","0.48.9","0.49.0","0.49.1","0.49.2","0.49.3","0.49.4","0.49.5","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.50.0","0.50.1","0.50.2","0.50.3","0.50.4","0.50.5","0.50.6","0.51.0","0.51.1","0.51.2","0.51.3","0.51.4","0.51.5","0.51.6","0.52.0","0.52.1","0.52.2","0.52.3","0.52.4","0.52.5","0.52.6","0.52.7","0.52.8","0.53.0","0.54.0","0.54.1","0.55.0","0.55.1","0.55.2","0.56.0","0.56.1","0.56.2","0.56.3","0.56.4","0.57.0","0.57.1","0.57.2","0.58.0","0.59.0","0.59.1","0.59.10","0.59.11","0.59.12","0.59.2","0.59.3","0.59.4","0.59.5","0.59.6","0.59.7","0.59.8","0.59.9","0.6.0","0.6.1","0.6.10","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.60.0","0.60.1","0.60.2","0.61.0","0.61.1","0.61.2","0.62.0","0.62.1","0.62.2","0.62.3","0.62.4","0.62.5","0.62.6","0.62.7","0.62.8","0.62.9","0.63.0","0.63.2","0.64.0","0.64.1","0.65.0","0.66.0","0.66.1","0.66.2","0.67.0","0.68.0","0.68.1","0.68.3","0.68.5","0.69.0","0.69.1","0.69.2","0.69.3","0.69.4","0.69.5","0.69.6","0.69.7","0.69.8","0.7.0","0.7.1","0.70.0","0.70.1","0.71.0","0.71.1","0.72.0","0.72.1","0.72.2","0.72.3","0.72.4","0.73.0","0.74.0","0.75.0","0.75.1","0.76.0","0.77.0","0.77.1","0.77.2","0.77.3","0.77.4","0.78.0","0.78.1","0.79.0","0.79.1","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.80.0","0.80.1","0.80.2","0.80.3","0.80.4","0.80.5","0.80.6","0.80.7","0.80.8","0.80.9","0.81.0","0.81.1","0.81.2","0.82.0","0.83.0","0.83.1","0.84.0","0.84.1","0.85.0","0.85.1","0.85.2","0.85.3","0.85.4","0.85.5","0.85.6","0.86.0","0.86.1","0.86.3","0.86.4","0.86.5","0.86.6","0.86.7","0.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/agenta/PYSEC-2026-7.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}