CVE-2026-55760 in handlebars.javainformazioni

Riassunto

di MITRE • 08/07/2026

Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template names derived from URL path parameters, request parameters, or other user-controlled sources. This issue is fixed in version 4.5.2.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Fonti

Interested in the pricing of exploits?

See the underground prices here!