CVSS 7.5 HIGH Vulnerability

CVE-2026-44209: banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI


CVSS Score: 7.5
Severity: HIGH
CISA KEV: No
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-44209
Vendor: pip
Affected Product: banks
Vulnerability Type: Vulnerability
CVSS Score: 7.5 (HIGH)
Actively Exploited: No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Summary

The advisory's proof of concept is truncated in this copy; only the tail of the rendered payload and the check that the command ran on the host survive:

```
banks /tmp/rce_banks_exec').read() }}")
p.text()
```

```bash
ls -l /tmp/rce_banks_exec
-rw-rw-r-- 1 ak ak 4 Apr 27 15:36 /tmp/rce_banks_exec
```

Impact

Applications that allow end-users to supply or customize prompt templates are at risk of full Remote Code Execution, including arbitrary command execution, data exfiltration, and server compromise.

Fix

Fixed in banks 2.4.2 (PR #74) by switching to `jinja2.sandbox.SandboxedEnvironment`, which blocks the dunder attribute traversal chain this exploit relies on. Developers on banks <= 2.4.1 should upgrade to 2.4.2 and avoid passing untrusted user input as the template argument to `Prompt()`.
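The two rendering modes the fix contrasts, as an added example that is not code from banks or from the advisory: it uses jinja2 directly rather than the `Prompt()` class, and the `render_unsafe`, `render_sandboxed` and `check_template` names and the sample templates are constructed for illustration. The sandboxed environment answers a dunder attribute chain with `SecurityError` where a plain `Environment` evaluates it.

```python
# Added example (not from banks or the advisory): the pre-fix rendering
# pattern beside the SandboxedEnvironment pattern banks 2.4.2 switched to.
from typing import Tuple

from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


def render_unsafe(template_src: str, **context) -> str:
    """Pre-fix behaviour: a plain Environment evaluates whatever attribute
    chain the template author writes, dunder names included."""
    return Environment(autoescape=False).from_string(template_src).render(**context)


def render_sandboxed(template_src: str, **context) -> str:
    """Post-fix behaviour: SandboxedEnvironment refuses attribute names that
    start with an underscore and raises SecurityError once the template tries
    to go further down such a chain, instead of evaluating it."""
    return SandboxedEnvironment(autoescape=False).from_string(template_src).render(**context)


def check_template(template_src: str, **context) -> Tuple[bool, str]:
    """Defender-side helper (hypothetical): try a sandboxed render of a
    user-supplied prompt template and report (accepted, output_or_reason)."""
    try:
        return True, render_sandboxed(template_src, **context)
    except SecurityError as exc:
        return False, f"rejected: {exc}"


# Constructed inputs: a benign prompt template and one that starts the dunder
# traversal the advisory refers to (it only reads a class name here).
BENIGN = "Summarise this text for {{ audience }}: {{ text }}"
DUNDER = "{{ text.__class__.__name__ }}"

if __name__ == "__main__":
    ctx = {"audience": "executives", "text": "quarterly numbers"}
    print(render_unsafe(DUNDER, **ctx))      # the unsafe environment evaluates it
    print(check_template(BENIGN, **ctx))     # accepted, rendered normally
    print(check_template(DUNDER, **ctx))     # rejected with a SecurityError
```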

Resources

• Fix: https://github.com/masci/banks/pull/74
• CVE-2024-41950 (Haystack — identical root cause, CVSS 7.5)
• CVE-202

🎯 Known Indicators of Compromise

URL: https://github.com/masci/banks/pull/74 (confidence score 0.82, first seen 2026-05-08, 1 source)


