CVE 9.3 CRITICAL

Angular Expressions – Remote Code Execution using filters_CVE-2026-44643

May 11, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

AI Analysis

Remote Code Execution using filters in Angular Expressions

Basic Information

ID CVE-2026-44643

Source GitHub_M

Published May 11, 2026 at 14:33

Affected Product

Vendor peerigon

Product angular-expressions

Version < 1.5.2

Affected Versions peerigon angular-expressions < 1.5.2

CWE Classification

CWE-95

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor peerigon

Product angular-expressions

Version < 1.5.2

References

github.com /peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4

{
    "lastseen": "",
    "description": "Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.",
    "published": "2026-05-11T14:33:42.630Z",
    "modified": "2026-05-11T14:33:42.630Z",
    "type": "cve",
    "title": "Angular Expressions - Remote Code Execution using filters",
    "source": "GitHub_M",
    "references": "https://github.com/peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4",
    "id": "CVE-2026-44643",
    "bulletinFamily": "",
    "cwe": [
        "CWE-95"
    ],
    "cvelist": null,
    "sourceData": "peerigon angular-expressions < 1.5.2",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "angular-expressions",
    "version": "< 1.5.2",
    "vendor": "peerigon",
    "ai_description": "Remote Code Execution using filters in Angular Expressions",
    "ai_severity": "Critical",
    "ai_vendor": "peerigon",
    "ai_product": "angular-expressions",
    "ai_version": "< 1.5.2",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply