Skip to main content
Echelon
Graph
Product
Directory
Enterprise
Compliance
Pulse
Exposures
AI Analyst
Compare
Docs
Login
Start Free
Pulse
›
Vendor Advisories
›
Microsoft Security Response Center (MSRC)
›
CVE-2026-33940
CVE-2026-33940
High
CVSS
8.1
Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Vendor
Microsoft Security Response Center (MSRC)
Published
May 31, 2026
Last Modified
—
🔗 CVE IDs covered (1)
CVE-2026-33940 →