CVE-2026-33916

Severity: medium (Red Hat)
CVSS v3 Base Score
4.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 92% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Published: March 27, 2026 (47 days ago)
Last Modified: March 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via a plain property lookup on `options.partials` without guarding against prototype-chain traversal. When `Object.prototype` has been polluted with a string value whose key matches a partial reference in a template, the polluted string is used as the partial body and rendered without HTML escaping, resulting in reflected or stored XSS. Version 4.7.9 fixes the issue. Two workarounds are available: apply `Object.freeze(Object.prototype)` early in application startup to prevent prototype pollution (note that this may break other libraries), and/or use the Handlebars runtime-only build (`handlebars/runtime`), which does not compile templates and reduces the attack surface.
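The following is an added example, not Handlebars' own code or part of the advisory: it contrasts the plain property lookup the description attributes to `resolvePartial()` with a lookup restricted to own properties, and exercises the `Object.freeze(Object.prototype)` workaround. The function names and the sample partial registry are assumptions made for the illustration.

```javascript
// Added example, not Handlebars' own code. The names lookupPartialPlain,
// lookupPartialOwn, renderPartial, withTestPollution and freezeWorkaround
// are assumptions made for this illustration.

// Plain property lookup, the pattern the advisory describes for resolvePartial():
// a key that exists only on Object.prototype is found when no own partial matches.
function lookupPartialPlain(partials, name) {
  return partials[name];
}
// Hardened lookup: only the registry's own properties count (Object.hasOwn is
// ES2022; use Object.prototype.hasOwnProperty.call on older runtimes).
function lookupPartialOwn(partials, name) {
  return Object.hasOwn(partials, name) ? partials[name] : undefined;
}
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);
}
// Returns what a partial reference would splice into the page. A registered
// partial body is trusted template text and is used as-is, which is exactly
// why a value coming from the prototype chain must never reach this point.
function renderPartial(lookup, partials, name) {
  const body = lookup(partials, name);
  if (typeof body !== 'string') return `<!-- missing partial: ${escapeHtml(name)} -->`;
  return body;
}
// Constructed test fixture: temporarily places a key on Object.prototype so the
// two lookups can be compared, and always removes it again afterwards.
function withTestPollution(key, value, fn) {
  Object.defineProperty(Object.prototype, key,
    { value, writable: true, configurable: true, enumerable: false });
  try { return fn(); } finally { delete Object.prototype[key]; }
}
// The advisory's workaround: freeze Object.prototype at startup. Returns whether
// a later attempt to add a key to it took effect (it should not). The freeze
// lasts for the rest of the process, so call it last.
function freezeWorkaround() {
  Object.freeze(Object.prototype);
  try { Object.prototype.testKey = 'x'; } catch (e) { /* TypeError in strict mode */ }
  return 'testKey' in {};
}

const partials = { header: '<h1>Site</h1>' }; // constructed partial registry
const polluted = withTestPollution('footer', 'POLLUTED', () => ({
  plain: renderPartial(lookupPartialPlain, partials, 'footer'),
  own: renderPartial(lookupPartialOwn, partials, 'footer'),
}));
```

With the registry above, `polluted.plain` is the prototype value spliced in verbatim, while `polluted.own` is the missing-partial comment; the same own-property check is what a regression test for this class of bug should assert on.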

CWE

CWE-915

Affected Products

Cryostat 4
Logging Subsystem for Red Hat OpenShift
Red Hat Data Grid 8
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift Dev Spaces
Red Hat Process Automation 7

References