Josdejong · Math.Js · CVE-2026-40897
**Name of the Vulnerable Software and Affected Versions**
Math.js versions 13.1.1 through 15.1.x
**Description**
An issue in the expression parser allows the execution of arbitrary JavaScript. This occurs in applications where users are permitted to evaluate arbitrary expressions using the mathjs expression parser.
**Recommendations**
Update to version 15.2.0.