CVE-2026-44643

EUVD-2026-29078
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.
Eval Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
peerigonangular-expressions
𝑥
< 1.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4