Tag
CVE-2026-4800 allows attackers to inject arbitrary code at template compilation time via untrusted input passed as key names in the options.imports object of the _.template function in lodash versions prior to 4.18.0, potentially leading to remote code execution.