CVE-2026-33937
Published: 27 March 2026
Summary
CVE-2026-33937 is a critical-severity Code Injection (CWE-94) vulnerability in Handlebarsjs Handlebars. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Remediating the flaw by updating Handlebars to version 4.7.9 or later eliminates the vulnerability allowing arbitrary JavaScript injection via unsanitized NumberLiteral AST values.
Validating inputs to Handlebars.compile() to ensure they are strings and not crafted AST objects prevents the type confusion and code injection exploitation.
Using the Handlebars runtime-only build on the server disables the vulnerable compile() function, enforcing least functionality to avoid exposure to AST injection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables remote code execution via crafted AST input to Handlebars.compile() in a public-facing web templating engine (T1190) and directly matches template injection (T1221).
NVD Description
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into…
more
the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to `compile()` can therefore inject and execute arbitrary JavaScript, leading to Remote Code Execution on the server. Version 4.7.9 fixes the issue. Some workarounds are available. Validate input type before calling `Handlebars.compile()`; ensure the argument is always a `string`, never a plain object or JSON-deserialized value. Use the Handlebars runtime-only build (`handlebars/runtime`) on the server if templates are pre-compiled at build time; `compile()` will be unavailable.
Deeper analysisAI
CVE-2026-33937 is a critical vulnerability in Handlebars.js, a templating engine used for building semantic templates, affecting versions 4.0.0 through 4.7.8. The issue resides in the `Handlebars.compile()` function, which accepts a pre-parsed Abstract Syntax Tree (AST) object in addition to a template string. Specifically, the `value` field of a `NumberLiteral` AST node is emitted directly into the generated JavaScript code without quoting or sanitization, enabling code injection.
An unauthenticated attacker with the ability to supply a crafted AST object to `Handlebars.compile()` can exploit this flaw remotely with low complexity, as indicated by its CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation leads to arbitrary JavaScript execution on the server, resulting in remote code execution (RCE). This is classified under CWE-94 (improper control of code generation) and CWE-843 (type confusion).
The vulnerability is fixed in Handlebars version 4.7.9, with the patching commit available at the referenced GitHub repository. Advisories recommend workarounds such as validating input types to ensure the argument to `Handlebars.compile()` is always a string and never a plain object or JSON-deserialized value. Additionally, using the Handlebars runtime-only build (`handlebars/runtime`) on the server is advised if templates are pre-compiled at build time, as it removes the `compile()` function entirely. Further details are in the official security advisory and release notes.
Details
- CWE(s)