CVE-2023-26092

9.8 CRITICAL

📋 TL;DR

CVE-2023-26092 is a server-side template injection vulnerability in Liima that allows attackers to execute arbitrary code on affected servers. This affects all Liima deployments running versions before 1.17.28. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • Liima
Versions: All versions before 1.17.28
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Liima deployments using vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case: Remote code execution with application-level privileges, potentially leading to data exfiltration and further system exploitation.

🟢 If Mitigated: Limited impact if proper network segmentation, WAF rules, and input validation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Template injection vulnerabilities typically have low exploitation complexity and can be exploited without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.17.28

Vendor Advisory: https://github.com/liimaorg/liima/blob/master/release-changelog.md

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Stop the Liima service.
3. Update to version 1.17.28 or later.
4. Restart the Liima service.
5. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement strict input validation to block template injection patterns.

Implement regex filtering for template syntax in user inputs.

Network Isolation (platform: linux)

Restrict network access to Liima instances:

iptables -A INPUT -p tcp --dport [liima_port] -s [trusted_ips] -j ACCEPT
iptables -A INPUT -p tcp --dport [liima_port] -j DROP

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with template injection rules
  • Disable or restrict Liima access to internal networks only

🔍 How to Verify

Check if Vulnerable:

Check Liima version: if version < 1.17.28, system is vulnerable

Check Version:

Check Liima configuration files or run 'liima --version' if available

Verify Fix Applied:

Verify that the version is 1.17.28 or later, and test that template injection attempts are blocked.
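
The version check above is easy to get wrong with a plain string comparison, because "1.17.3" sorts after "1.17.28" lexically even though it is the older release. The following is an added example, not code from Liima or from this advisory: the function names (version_lt, liima_status) and the host inventory are hypothetical, and it assumes the version string has already been obtained in dotted numeric form.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of Liima.
FIXED_VERSION="1.17.28"   # patch version stated in the advisory

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}          # leading component of each side
        x=${x:-0}; y=${y:-0}            # a missing component counts as 0
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                            # equal versions are not "lower"
}

# liima_status VERSION: print vulnerable / patched / unknown.
liima_status() {
    v=${1#v}                            # tolerate a leading "v"
    # Drop a build suffix such as -SNAPSHOT. A pre-release build of the
    # fixed version is then reported as patched; check those by hand.
    v=${v%%[-+]*}
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 2 ;;
    esac
    if version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable; return 1
    fi
    echo patched
}

# Constructed inventory (host, reported version); not real systems.
inventory='app01 1.17.3
app02 1.17.27
app03 1.17.28
app04 1.18.0
app05 unknown-build'

printf '%s\n' "$inventory" | while read -r host ver; do
    status=$(liima_status "$ver") || true
    printf '%-6s %-14s %s\n' "$host" "$ver" "$status"
done
```

Hosts reported as unknown should be treated as unpatched until their version is confirmed.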

📡 Detection & Monitoring

Log Indicators:

  • Unusual template syntax in request logs
  • Multiple failed template parsing attempts
  • Suspicious file operations from Liima process

Network Indicators:

  • Unexpected outbound connections from Liima server
  • Traffic patterns indicating code execution

SIEM Query:

source="liima.logs" AND ("template" OR "injection" OR "eval" OR "exec")
