CVE Catalog

CVE-2026-44643

Critical
Published: Translated: NVD NIST

Summary

Angular Expressions, used in the Angular.JS framework, prior to version 1.5.2, allowed an attacker to write a malicious expression that could escape the sandbox and execute arbitrary code on the system.

Risk Assessment

Exploitation of this vulnerability could lead to remote code execution, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to upgrade to version 1.5.2 or later to mitigate this vulnerability.

Original NVD description (English source)

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS