Key Information

Vulnerability Description:
Vulnerability Type: Potential Remote Code Execution (RCE) when reading user-defined data.
Affected Versions: >=0.7.0, <3.0.0
Fixed Version: 3.0.0

Impact Scope and Details:
includes functionality to parse template values. When secret values start with , interprets the remaining content as a Jinja2 template. Jinja2 is a powerful template engine; if exploited maliciously, it can trigger arbitrary code execution, leading to Remote Code Execution (RCE) risks. Attackers can trigger arbitrary code execution on the machine by controlling Jinja2 templates.
If Vault content is fully trusted, this is not an issue. However, if the threat model includes an attacker being able to manipulate secret values retrieved from Vault via , then this vulnerability may be exploitable.

Fix:
In version 3.0.0, the code responsible for parsing Vault template secret values has been completely removed.

Mitigation Measures (without upgrading):
Use the environment variable , or the command-line flag , or set in the configuration file.
If using the Python library, create a client that does not render template secrets via .

Additional Information:
CVE ID: CVE-2021-43837
CVSS v3 Score: 8.5 ( severity)
References: Additional article on potential Jinja2 template risks

Further Information:
For questions or comments, please open an issue directly in the project repository.
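An added example, not part of the advisory or the project's code: before disabling template rendering or upgrading to 3.0.0, an operator can audit an exported secret tree for values that begin with the template marker, since those are the values handed to Jinja2. `TEMPLATE_PREFIX` is a placeholder (the page does not state the marker), and the function names and sample data are constructed for illustration.

```python
from typing import Any, Iterator, List, Tuple

# Placeholder, not the real marker: substitute the prefix documented for the
# affected version you run before auditing real data.
TEMPLATE_PREFIX = "<TEMPLATE-PREFIX>"


def iter_string_leaves(node: Any, path: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (path, value) for every string leaf in nested dicts and lists."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from iter_string_leaves(child, f"{path}/{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from iter_string_leaves(child, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def find_template_secrets(secrets: Any, prefix: str = TEMPLATE_PREFIX) -> List[str]:
    """Return the sorted paths of secrets that would be rendered as templates."""
    if not prefix:
        raise ValueError("prefix must be non-empty")
    # Only a leading marker triggers rendering, so match on startswith().
    return sorted(p for p, v in iter_string_leaves(secrets) if v.startswith(prefix))


# Constructed sample export: two template-style values, two plain ones.
SAMPLE = {
    "app": {
        "db_password": "s3cr3t-value",
        "dsn": TEMPLATE_PREFIX + "postgres://{{ user }}@db",
        "tokens": ["plain", TEMPLATE_PREFIX + "{{ other }}"],
    },
    "note": "mentions " + TEMPLATE_PREFIX + " mid-string, not at the start",
}

if __name__ == "__main__":
    for secret_path in find_template_secrets(SAMPLE):
        print("template-rendered secret:", secret_path)
```

An empty result means no stored value relies on template rendering, so turning the feature off should not change what consumers read.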