CVE-2026-33943 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: March 27, 2026
Happy DOM - Remote Code Execution
Overview
Happy DOM 15.10.0 through 20.8.7 contains a code injection vulnerability caused by unsanitized interpolation of JavaScript expressions in ECMAScriptModuleCompiler export declarations, letting attackers achieve remote code execution, exploit requires crafted ES module scripts.
Severity & Score
Impact
Attackers can execute arbitrary JavaScript code remotely, potentially leading to full system compromise.
Mitigation
Update to version 20.8.8 or later.
References
Social Media Activity(2 posts)
š CVE-2026-33943 - High (8.8) Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (R... š https://www.thehackerwire.com/vulnerability/CVE-2026-33943/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-33943 - High (8.8) Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (R... š https://www.thehackerwire.com/vulnerability/CVE-2026-33943/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-33943
- Severity
- High
- CVSS Score
- 8.8
- Type
- template_injection
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H