Browse all 6 CVE security advisories affecting Brecht. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Brecht is a Python templating engine primarily used for generating dynamic web content and email templates. Historically, it has been vulnerable to remote code execution (RCE) due to unsafe template evaluation, cross-site scripting (XSS) from improper output escaping, and privilege escalation through insecure context handling. The project has recorded six CVEs, with notable issues including sandbox bypasses and unsafe deserialization. While no major public incidents have been widely reported, the consistent pattern of RCE vulnerabilities in templating engines like Brecht highlights the risks of dynamic code execution in web applications. Security researchers have emphasized the importance of proper input validation and sandboxing when using such templating systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68033 | WordPress Custom Related Posts plugin <= 1.8.0 - Sensitive Data Exposure vulnerability — Custom Related Posts (CWE-201) | 7.5 | High | 2026-01-05 |
| CVE-2025-46227 | WordPress Custom Related Posts plugin <= 1.7.4 - Cross Site Scripting (XSS) Vulnerability — Custom Related Posts (CWE-79) | 6.5 | Medium | 2025-04-22 |
This page lists every published CVE security advisory associated with Brecht. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.