NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the environment_params field. Attackers can bypass Jinja2 SandboxedEnvironment protections by setting the finalize parameter to any importable Python callable such as subprocess.getoutput, which is invoked on every rendered expression outside the sandbox's call interception mechanism, achieving remote code execution as the NetBox service user.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
NetBox versions 4.3.5 through 4.5.4 contain a critical remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary Python code. By injecting malicious Python callables into the environment_params field—such as subprocess.getoutput—attackers can circumvent Jinja2's SandboxedEnvironment protections. This vulnerability matters because NetBox is widely deployed in network automation and infrastructure management environments, meaning organizations relying on it for configuration templating face direct risk of system compromise. The vulnerability affects only authenticated users with specific permissions, but in many organizations these permissions are broadly distributed among network and operations teams, expanding the attack surface.
Casky's Claude AI-powered analysis would identify this attack pattern by mapping the exploitation chain to code injection and privilege abuse techniques. While traditional MITRE ATT&CK mappings aren't available for this CVE, practitioners using Casky would see detections aligned with CWE-183 (Permissive List of Allowed Inputs) patterns—specifically, inadequate input validation in template parameter handling. The extended reasoning capability would flag suspicious indicators including: authenticated API calls to template rendering endpoints with callable objects in parameters, environment variable manipulation attempting to load dangerous modules, and subprocess execution initiated from template processing contexts. Practitioners would see findings highlighting that attackers need valid credentials but only require lower-privileged template permissions, making this particularly dangerous in delegated access models common in infrastructure teams.
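The check below is an added example, not NetBox's patch and not Casky's code: it audits stored `environment_params` values against an allowlist of scalar-only Jinja2 `Environment` options and flags `finalize` and the other options that take a callable, class or object. It assumes template records have already been exported as JSON with `name` and `environment_params` keys; the function names, the allowlist contents and the sample records are constructed for illustration.

```python
import json

# Jinja2 Environment options that take only plain scalars (assumed allowlist).
SAFE_PARAMS = {
    "trim_blocks": bool, "lstrip_blocks": bool, "keep_trailing_newline": bool,
    "autoescape": bool, "newline_sequence": str,
    "block_start_string": str, "block_end_string": str,
    "variable_start_string": str, "variable_end_string": str,
    "comment_start_string": str, "comment_end_string": str,
}
# Options that take a callable, class or object instead of a scalar.
CODE_BEARING_PARAMS = {"finalize", "undefined", "extensions", "loader", "bytecode_cache"}


def audit_environment_params(params):
    """Return (key, reason) findings; an empty list means the value is acceptable."""
    if params is None:
        return []
    if not isinstance(params, dict):
        return [("<root>", "environment_params must be a JSON object")]
    findings = []
    for key, value in params.items():
        if key in CODE_BEARING_PARAMS:
            findings.append((key, "takes a callable, class or object"))
        elif key not in SAFE_PARAMS:
            findings.append((key, "not on the allowlist"))
        elif type(value) is not SAFE_PARAMS[key]:
            findings.append((key, "expected " + SAFE_PARAMS[key].__name__))
    return findings


def scan_templates(records):
    """Map template name -> findings for every record that fails the audit."""
    flagged = {}
    for rec in records:
        findings = audit_environment_params(rec.get("environment_params"))
        if findings:
            flagged[rec["name"]] = findings
    return flagged


# Constructed sample records (hypothetical names, not a real NetBox export).
SAMPLE = json.loads("""[
  {"name": "switch-base", "environment_params": {"trim_blocks": true, "lstrip_blocks": true}},
  {"name": "csv-export", "environment_params": null},
  {"name": "edge-router", "environment_params": {"finalize": "subprocess.getoutput"}},
  {"name": "legacy", "environment_params": {"trim_blocks": "yes", "cache_size": 0}}
]""")
if __name__ == "__main__":
    for name, findings in scan_templates(SAMPLE).items():
        print(name, findings)
```

Run over an export of existing export and config templates, any `finalize` finding is worth reviewing together with who last modified that template.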
Casky has 0 skills that investigate the attack patterns behind CVE-2026-29514. Run one and get CVSS-scored findings in 3 minutes.
© 2026 Casky.AI, Inc. · AI Security Investigation