Npm · Angular-Expressions · CVE-2026-44643
**Name of the Vulnerable Software and Affected Versions**
angular-expressions versions prior to 1.5.2
**Description**
An issue in the angular-expressions library allows unauthenticated attackers to escape the sandbox and execute arbitrary code on the host system. This is achieved by crafting malicious expressions using filters, such as abusing `__proto__`, which triggers an eval injection (a technique where an application executes dynamically generated code).
**Recommendations**
Update to version 1.5.2.
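
To confirm that the update reached every copy in a dependency tree, including nested ones pulled in by other packages, the following added example (not code from the angular-expressions project) scans a parsed `package-lock.json` for versions prior to 1.5.2. The sample lockfile and the `report-builder` package name are constructed for illustration.

```javascript
// Added example: find angular-expressions installs older than 1.5.2 in an npm lockfile.
const PKG = "angular-expressions";
const FIXED = [1, 5, 2];

// Parse "1.5.1" or "1.5.2-beta.1" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when the version is prior to 1.5.2 (a prerelease of 1.5.2 counts as prior).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable (git/tarball ref, link): flag for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre;
}

// Walk both lockfile layouts: "packages" (v2/v3) and nested "dependencies" (v1).
function findAffected(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isAffected(info.version)) hits.push({ path, version: info.version });
      walk(info.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // v2 files repeat the tree in both keys
  return hits;
}

// Constructed sample: a patched top-level copy and an unpatched nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/angular-expressions": { version: "1.5.2" },
    "node_modules/report-builder/node_modules/angular-expressions": { version: "1.5.1" },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `findAffected` and fail the build when the returned list is non-empty.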