Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-44643

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

Ver en NVD

Análisis

The angular-expressions library contains a critical sandbox escape vulnerability. Attackers can provide malicious expressions using filters to execute arbitrary code on the system. This is particularly dangerous for applications using this library to process untrusted templates or user-provided logic.

Severidad

Puntaje: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-95

EPSS

Probabilidad de explotación (próx. 30 días): 0.0008 (0.1%)
Percentil: 23.0%
EPSS: 2026-05-13

Afecta

peerigon:angular-expressions

Descripción técnica

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

Publicada: 11/5/2026, 16:17:36
Última modificación: 13/5/2026, 14:54:54

Referencias

InicioEventosBlogRecursosEquipo