PatchSiren

masci CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH masci CVE published 2026-05-26

CVE-2026-44209

## Summary

A Server-Side Template Injection (SSTI) vulnerability in the Banks LLM prompt templating library (versions prior to 2.4.2) allows remote code execution when user-supplied strings are passed as template arguments to the `Prompt()` constructor. The root cause is the use of an unsandboxed `jinja2.Environment()` for rendering prompt templates.

## Technical Details

Banks is a Python library that gen [truncated]