CVE-2026-44643
Published: 11 May 2026
Summary
CVE-2026-44643 is a critical-severity Eval Injection (CWE-95) vulnerability in Peerigon Angular-Expressions. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 28.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Sandbox escape in AngularJS expression evaluation directly enables client-side arbitrary code execution via malicious input (CWE-95).
NVD Description
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed…
more
in 1.5.2.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)