THREAT OPS › Threat News › [NVD] CVE-2026-4800 (HIGH 8.1) — Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.
When an a
[NVD] CVE-2026-4800 (HIGH 8.1) — Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an a
CVE-2026-4800 CVSS: 8.1 HIGH Published: 2026-03-31T20:16:29.660
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.
When an application passes untrusted input as options.imports ke
Indicators of compromise
- CVE-2026-4800cve
- CVE-2021-23337cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-4800