CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25526

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing built-in sandbox restrictions. This issue has been patched in versions 2.7.6 and 2.8.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.0%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2026-25526

Hubspot » Jinjava » Version: 1.0.0

cpe:2.3:a:hubspot:jinjava:1.0.0
Hubspot » Jinjava » Version: 1.0.1

cpe:2.3:a:hubspot:jinjava:1.0.1
Hubspot » Jinjava » Version: 1.0.2

cpe:2.3:a:hubspot:jinjava:1.0.2
Hubspot » Jinjava » Version: 1.0.3

cpe:2.3:a:hubspot:jinjava:1.0.3
Hubspot » Jinjava » Version: 1.0.4

cpe:2.3:a:hubspot:jinjava:1.0.4
Hubspot » Jinjava » Version: 1.0.5

cpe:2.3:a:hubspot:jinjava:1.0.5
Hubspot » Jinjava » Version: 1.0.6

cpe:2.3:a:hubspot:jinjava:1.0.6
Hubspot » Jinjava » Version: 1.0.7

cpe:2.3:a:hubspot:jinjava:1.0.7
Hubspot » Jinjava » Version: 1.0.8

cpe:2.3:a:hubspot:jinjava:1.0.8
Hubspot » Jinjava » Version: 1.0.9

cpe:2.3:a:hubspot:jinjava:1.0.9
Hubspot » Jinjava » Version: 2.0.0

cpe:2.3:a:hubspot:jinjava:2.0.0
Hubspot » Jinjava » Version: 2.0.1

cpe:2.3:a:hubspot:jinjava:2.0.1
Hubspot » Jinjava » Version: 2.0.2

cpe:2.3:a:hubspot:jinjava:2.0.2
Hubspot » Jinjava » Version: 2.0.3

cpe:2.3:a:hubspot:jinjava:2.0.3
Hubspot » Jinjava » Version: 2.0.4

cpe:2.3:a:hubspot:jinjava:2.0.4
Hubspot » Jinjava » Version: 2.0.5

cpe:2.3:a:hubspot:jinjava:2.0.5
Hubspot » Jinjava » Version: 2.4.6

cpe:2.3:a:hubspot:jinjava:2.4.6
Hubspot » Jinjava » Version: 2.5.10

cpe:2.3:a:hubspot:jinjava:2.5.10
Hubspot » Jinjava » Version: 2.5.4

cpe:2.3:a:hubspot:jinjava:2.5.4
Hubspot » Jinjava » Version: 2.5.5

cpe:2.3:a:hubspot:jinjava:2.5.5
Hubspot » Jinjava » Version: 2.5.6

cpe:2.3:a:hubspot:jinjava:2.5.6
Hubspot » Jinjava » Version: 2.5.7

cpe:2.3:a:hubspot:jinjava:2.5.7
Hubspot » Jinjava » Version: 2.5.8

cpe:2.3:a:hubspot:jinjava:2.5.8
Hubspot » Jinjava » Version: 2.6.0

cpe:2.3:a:hubspot:jinjava:2.6.0
Hubspot » Jinjava » Version: 2.7.0

cpe:2.3:a:hubspot:jinjava:2.7.0
Hubspot » Jinjava » Version: 2.7.1

cpe:2.3:a:hubspot:jinjava:2.7.1
Hubspot » Jinjava » Version: 2.7.2

cpe:2.3:a:hubspot:jinjava:2.7.2
Hubspot » Jinjava » Version: 2.7.3

cpe:2.3:a:hubspot:jinjava:2.7.3
Hubspot » Jinjava » Version: 2.7.4

cpe:2.3:a:hubspot:jinjava:2.7.4
Hubspot » Jinjava » Version: 2.7.5

cpe:2.3:a:hubspot:jinjava:2.7.5
Hubspot » Jinjava » Version: 2.8.0

cpe:2.3:a:hubspot:jinjava:2.8.0
Hubspot » Jinjava » Version: 2.8.1

cpe:2.3:a:hubspot:jinjava:2.8.1
Hubspot » Jinjava » Version: 2.8.2

cpe:2.3:a:hubspot:jinjava:2.8.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25526

Products

Pricing

Contact Us