CVE-2026-33937: Handlebars.js has JavaScript Injection via AST Type Confusion
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who can supply a crafted AST to `compile()` can therefore inject and execute arbitrary JavaScript, leading to Remote Code Execution on the server. Version 4.7.9 fixes the issue. Some workarounds are available. Validate input type before calling `Handlebars.compile()`; ensure the argument is always a `string`, never a plain object or JSON-deserialized value. Use the Handlebars runtime-only build (`handlebars/runtime`) on the server if templates are pre-compiled at build time; `compile()` will be unavailable.
Security readout for executives and security teams
Plain-English summary
Handlebars.js can turn a malicious pre-parsed template object into server-side JavaScript execution when vulnerable compile paths accept objects. Organizations using handlebars 4.0.0 through 4.7.8 should treat server-side template compilation of untrusted or JSON-deserialized input as urgent. The fixed release is 4.7.9.
Executive priority
Prioritize remediation where handlebars is used in server-side rendering, template management, email generation, CMS workflows, or admin customization. The business risk is full server compromise if untrusted AST objects can reach compile().
Technical view
The issue is AST type confusion in Handlebars.compile(). A NumberLiteral node's value field is emitted into generated JavaScript without quoting or sanitization, enabling JavaScript injection if an attacker controls the AST object. CVSS is 9.8; listed CWEs are CWE-843 and CWE-94.
Likely exposure
Most exposed are Node.js services that call compile() on user-controlled, API-supplied, stored, or JSON-deserialized template data. Runtime-only deployments using precompiled templates and no server-side compile() are less likely exposed.
Exploitation context
The bundle does not show CISA KEV listing or cited active exploitation. Practical exploitation requires attacker influence over the object passed to compile(), not merely ordinary template string rendering.
Researcher notes
Focus analysis on data-flow into compile(), especially object inputs from JSON parsing or stored template definitions. Do not assume exposure from the package alone; the vulnerable condition depends on reachable server-side compilation of attacker-influenced AST objects.
Mitigation direction
Upgrade handlebars.js to version 4.7.9 or later.
Validate compile() input type and require a string.
Do not pass plain objects or JSON-deserialized values to compile().
Use handlebars/runtime on servers that only run precompiled templates.
Review Red Hat advisories for affected packaged products.
Validation and detection
Inventory direct and transitive handlebars.js versions.
Search code for Handlebars.compile() and compile() wrappers.
Confirm no request, database, or queue data reaches compile() as objects.
Check lockfiles and deployed artifacts for versions below 4.7.9.
Verify runtime-only deployments do not bundle server-side compile().
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-843: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Code execution and unsafe deserialization weaknesses often justify reviewing execution behavior and process telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
2CVSS vectors
5Timeline events
2ADP providers
9Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: total
CVSS vector scores
2 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-843 · source CWE mapping
Access of Resource Using Incompatible Type ('Type Confusion')
Access of Resource Using Incompatible Type ('Type Confusion') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Improper Control of Generation of Code ('Code Injection')
Improper Control of Generation of Code ('Code Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.