Browse all 6 CVE security advisories affecting Brecht. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Brecht is a Python templating engine primarily used for generating dynamic web content and email templates. Historically, it has been vulnerable to remote code execution (RCE) due to unsafe template evaluation, cross-site scripting (XSS) from improper output escaping, and privilege escalation through insecure context handling. The project has recorded six CVEs, with notable issues including sandbox bypasses and unsafe deserialization. While no major public incidents have been widely reported, the consistent pattern of RCE vulnerabilities in templating engines like Brecht highlights the risks of dynamic code execution in web applications. Security researchers have emphasized the importance of proper input validation and sandboxing when using such templating systems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24357 | WordPress WP Recipe Maker plugin <= 10.2.4 - Broken Access Control vulnerability — WP Recipe Maker (CWE-862) | 4.3 | Medium | 2026-01-22 |
| CVE-2025-62897 | WordPress WP Recipe Maker plugin < 10.1.0 - Content Injection vulnerability — WP Recipe Maker (CWE-80) | 5.3 | Medium | 2025-10-27 |

This page lists every published CVE security advisory associated with Brecht. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.