Severity: Critical
Description: SAS Viya 3.5, SAS 9.4M8, and SAS 9.4M9 contain a version of handlebars.js affected by CVE-2026-33937.
Potential Impact: This CVE might allow Remote Code Execution. See the CVE record for additional information.