CVE-2026-5559

MEDIUM

AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine

Title source: cna

Description

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References (6)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/355329

[Signature, Permissions Required] https://vuldb.com/vuln/355329/cti

[Third Party Advisory] https://vuldb.com/submit/782904

[Issue Tracking] https://github.com/AntaresMugisho/PyBlade/issues/1

[Exploit] https://github.com/AntaresMugisho/PyBlade/issues/1#issue-4086730906

[Product] https://github.com/AntaresMugisho/PyBlade/

Scores

CVSS v3 6.3

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1336 CWE-791

Status published

Products (3)

AntaresMugisho/PyBlade 0.1.8-alpha

AntaresMugisho/PyBlade 0.1.9-alpha

pypi/pyblade 0.1.8-alphaPyPI

Published Apr 05, 2026

Tracked Since Apr 05, 2026