Vulnerability in Giskard-ai Giskard-oss

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at r…

EPSS: 0.000 (11.1th percentile) — read the EPSS interpretation.

Affected products

Giskard-ai Giskard-oss — versions < 1.0.2b1

Weakness classification (CWE)

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine

References

https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-7xjm-g8f4-rp26 (x_refsource_CONFIRM)
https://github.com/Giskard-AI/giskard-oss/releases/tag/giskard-checks%2Fv1.0.2b1 (x_refsource_MISC)