CVE-2026-33938 is a high-severity vulnerability in Handlebars, a popular templating engine for Node.js. The vulnerability allows for arbitrary JavaScript code execution on the server due to improper handling of the `@partial-block` special variable. This variable is stored in the template data context and can be overwritten by helpers that accept arbitrary objects, leading to code injection. The issue aff [truncated]
CVE-2026-33937 is a critical vulnerability in Handlebars, a popular templating engine for Node.js. The vulnerability allows for Remote Code Execution (RCE) and has a CVSS score of 9.8. It affects Handlebars versions 4.0.0 through 4.7.8. An attacker can exploit this vulnerability by supplying a crafted Abstract Syntax Tree (AST) to the `Handlebars.compile()` function, which can lead to arbitrary JavaScript [truncated]