CVE-2026-55760
Received Received - Intake

Path Traversal in Handlebars.java via User-Controlled Input

Vulnerability report for CVE-2026-55760, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: GitHub, Inc.

Description

Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template names derived from URL path parameters, request parameters, or other user-controlled sources. This issue is fixed in version 4.5.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
jknack handlebars.java to 4.5.2 (exc)
jknack handlebars.java 4.5.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-55760 is a path traversal vulnerability in the Handlebars.java library, specifically affecting the FileTemplateLoader and ClassPathTemplateLoader components. Prior to version 4.5.2, if an application passed user-controlled input to the Handlebars.compile() method for template loading, attackers could manipulate the input to access arbitrary files outside the intended directories. This happens because the library did not properly restrict certain path inputs, such as the root path "/" or empty suffixes, allowing unauthorized file reads.

The vulnerability arises when template names are derived from user-controlled sources like URL path parameters or request parameters, enabling attackers to perform path traversal attacks and read sensitive files on the server.

The issue was fixed in version 4.5.2 by adding path validation and normalization to ensure that paths stay within allowed directories and by rejecting invalid paths that could lead to traversal.

Detection Guidance

This vulnerability can be detected by monitoring for attempts to exploit path traversal in template names passed to Handlebars.compile(), especially when these names are derived from URL path parameters, request parameters, or other user-controlled inputs.

Detection can involve checking logs or network traffic for suspicious template name patterns that include traversal sequences such as "../" or attempts to access root paths or empty suffixes.

Specific commands to detect such attempts depend on your environment, but examples include:

  • Using grep on server logs to find suspicious template names: grep -E '\.\./|^/$|^$' /path/to/handlebars/logs/access.log
  • Using network monitoring tools like tcpdump or Wireshark to filter HTTP requests containing suspicious path traversal patterns in URL parameters.
  • If you have access to the application code or runtime, enabling debug or audit logging around Handlebars.compile() calls to log template names being compiled.
Mitigation Strategies

The primary immediate mitigation step is to upgrade Handlebars.java to version 4.5.2 or later, where this path traversal vulnerability is fixed.

If upgrading immediately is not possible, implement strict input validation on any user-controlled input that is passed to Handlebars.compile(), ensuring that template names do not contain path traversal sequences or invalid paths such as root path "/" or empty suffixes.

Additionally, review and restrict the use of FileTemplateLoader and ClassPathTemplateLoader to prevent loading templates from untrusted or user-controllable locations.

Impact Analysis

This vulnerability can impact you by allowing attackers to read arbitrary files on your server if your application uses vulnerable versions of Handlebars.java and passes user-controlled input to template loading functions. This can lead to exposure of sensitive data such as configuration files, credentials, or other private information.

Because the vulnerability has a high severity score (CVSS 7.5) and requires no privileges or user interaction, it poses a significant risk, especially for web applications that dynamically load templates based on user input.

The primary impact is on confidentiality, as attackers can read files they should not have access to. There is no direct impact on data integrity or availability.

To mitigate this risk, it is recommended to update to Handlebars.java version 4.5.2 or later, or implement strict input validation to prevent path traversal attempts.

Compliance Impact

The vulnerability allows arbitrary file read through path traversal, which impacts data confidentiality by potentially exposing sensitive files. This exposure could lead to non-compliance with data protection standards and regulations such as GDPR and HIPAA, which require safeguarding sensitive and personal data against unauthorized access.

Since the vulnerability enables attackers to read arbitrary files without authentication or user interaction, it increases the risk of sensitive information leakage, thereby affecting compliance with confidentiality requirements mandated by these regulations.

Mitigating this vulnerability by updating to version 4.5.2 or implementing input validation is essential to maintain compliance with such standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55760. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart