CVE-2026-44643

Description

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

References

• https://github.com/peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4