CVE-2026-44643: CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions

1 / 2

CVE-2026-44643: CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions

DEV Community·CVE Reports·21 days ago

#Z0wQx9Nu

#security #cve #cybersecurity #software #expressions #angular

Reading 0:00

15s threshold

CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions Vulnerability ID: CVE-2026-44643 CVSS Score: 9.3 Published: 2026-05-11 CVE-2026-44643 is a critical sandbox escape vulnerability in the peerigon/angular-expressions library. The flaw permits unauthenticated remote code execution via prototype traversal and improper validation of filter expressions. By crafting specific malicious inputs, attackers can access the global Function constructor. TL;DR A critical sandbox escape in angular-expressions < 1.5.2 allows RCE via prototype traversal in malicious filter definitions.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

CVE-2026-44643: CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions