CVE-2026-44643
Code Execution in Angular Expressions via Sandbox Escape
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| peerigon | angular_expressions | to 1.5.2 (exc) |
| peerigon | angular_expressions | 1.5.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-44643 vulnerability affects the angular-expressions npm package versions 1.5.1 and earlier. It allows an attacker to write malicious expressions that bypass the sandbox protections, enabling the execution of arbitrary code on the system. This means that the attacker can run any code they want, potentially taking full control of the affected system. The vulnerability is due to improper neutralization of directives in dynamically evaluated code, classified under CWE-95.
How can this vulnerability impact me?
This vulnerability can have a critical impact as it allows remote code execution without any user interaction or privileges required. An attacker exploiting this flaw could gain full system access, potentially leading to data theft, system compromise, or further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the npm package angular-expressions versions 1.5.1 and earlier. Detection involves identifying if your system or network is running a vulnerable version of this package.
You can check the installed version of angular-expressions in your project by running the following command in your project directory:
- npm list angular-expressions
If the version is 1.5.1 or earlier, your system is vulnerable.
Additionally, monitoring for suspicious activity involving Angular expressions that attempt to escape sandbox restrictions or execute arbitrary code may help detect exploitation attempts, but no specific detection commands are provided.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the angular-expressions package to version 1.5.2 or later, where the issue is fixed.
Ensure that your project dependencies are updated by running:
- npm install angular-expressions@1.5.2
After upgrading, verify that the new version is installed by running:
- npm list angular-expressions
Additionally, review your codebase for any use of Angular expressions that could be exploited and apply best practices to avoid executing untrusted expressions.
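The same version check can be run against a lockfile instead of an installed tree, which catches nested copies pulled in by other dependencies. The following Node.js script is an added example, not code from the advisory or the angular-expressions project; it assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3), and the sample lockfile and its package names are constructed.

```javascript
// Added example: flag angular-expressions copies older than the fixed 1.5.2
// in a parsed package-lock.json (lockfileVersion 2/3 "packages" map).
const FIXED = [1, 5, 2]; // first fixed version, per the advisory text above
const PKG = 'angular-expressions';

// Parse the leading "x.y.z" of a version string into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable version: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  // Same x.y.z as the fix: a prerelease such as 1.5.2-rc.1 sorts before it.
  return /^\d+\.\d+\.\d+-/.test(String(version));
}

// Return [{ path, version }] for every vulnerable copy, nested ones included.
function findVulnerable(lock) {
  const results = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/angular-expressions".
    if (path.split('node_modules/').pop() !== PKG) continue;
    if (isVulnerable(meta.version)) results.push({ path, version: meta.version });
  }
  return results;
}

// Constructed sample lockfile (not real project data). For a real project,
// pass JSON.parse() of the contents of package-lock.json instead.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/angular-expressions': { version: '1.5.2' },
    'node_modules/report-lib/node_modules/angular-expressions': { version: '1.4.3' },
    'node_modules/not-angular-expressions': { version: '0.1.0' },
  },
};

for (const hit of findVulnerable(sampleLock)) {
  console.log(`VULNERABLE ${hit.path} ${hit.version}`);
}
```
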