CVSS 10.0 · CRITICAL

CVE-2026-44643

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

Analysis

The angular-expressions library contains a critical sandbox escape vulnerability. Attackers can provide malicious expressions using filters to execute arbitrary code on the system. This is particularly dangerous for applications using this library to process untrusted templates or user-provided logic.
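
A check a maintainer can run against a lockfile to find installs older than the fixed 1.5.2 release, including copies pulled in transitively. This is an added example, not code from the advisory or the angular-expressions project; it assumes the npm package name `angular-expressions` and the standard `package-lock.json` layouts, and the sample lockfile is constructed.

```javascript
// Added example (not project code): flag angular-expressions installs older than 1.5.2.
const FIXED = [1, 5, 2]; // fixed release stated in the advisory
const PKG = "angular-expressions"; // assumption: npm package name

// True when `version` sorts before 1.5.2; a pre-release of 1.5.2 counts as before.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // unparseable or missing: report for manual review
  const parts = [m[1], m[2], m[3]].map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Handles both lockfile layouts: flat `packages` (v2/v3) and nested `dependencies` (v1).
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project): one patched top-level
// install and one older copy nested under a hypothetical dependency.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/angular-expressions": { version: "1.5.2" },
    "node_modules/report-gen/node_modules/angular-expressions": { version: "1.4.3" },
  },
};
console.log(findAffected(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` to `findAffected` and treat any hit as a dependency to upgrade to 1.5.2 or later.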

Severity

Score: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-95

EPSS

Probability of exploitation (next 30 days): 0.0008 (0.1%)
Percentile: 23.0%
EPSS: 2026-05-13

Affects

peerigon:angular-expressions

Published: 5/11/2026, 4:17:36 PM
Last modified: 5/13/2026, 2:54:54 PM
