SAS® Viya® 3.5, SAS® 9.4M8 (TS1M8), and SAS® 9.4M9 (TS1M9) contain a version of handlebars.js affected by CVE-2026-33937


Severity: Critical

Description: SAS Viya 3.5, SAS 9.4M8, and SAS 9.4M9 contain a version of handlebars.js affected by CVE-2026-33937.

Potential Impact: This CVE might allow Remote Code Execution. See the CVE record for additional information.