THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-4800 (HIGH 8.1) — Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an a

[NVD] CVE-2026-4800 (HIGH 8.1) — Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an a

lownvdPublished 2026-03-31

CVE-2026-4800 CVSS: 8.1 HIGH Published: 2026-03-31T20:16:29.660

Impact:

The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.

When an application passes untrusted input as options.imports ke

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-4800