Vulnerability Description
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted source, a crafted rule string could achieve arbitrary code execution. Exploitation requires write access to a check definition and subsequent execution of the test suite. This issue has been fixed in giskard-checks version 1.0.2b1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Giskard | Giskard | < 1.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/Giskard-AI/giskard-oss/releases/tag/giskard-checks%2Fv1.0.2b1Release Notes
- https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-7xjm-g8f4-rp2Vendor Advisory
FAQ
What is CVE-2026-40320?
CVE-2026-40320 is a vulnerability with a CVSS score of 7.8 (HIGH). Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently...
How severe is CVE-2026-40320?
CVE-2026-40320 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-40320?
Check the references section above for vendor advisories and patch information. Affected products include: Giskard Giskard.