PT-2026-33384 · Josdejong+2 · Math.Js
Jos De Jong
+1
·
Published
2026-04-16
·
Updated
2026-05-19
·
CVE-2026-40897
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Math.js versions 13.1.1 through 15.1.x
Description
An issue in the expression parser allows the execution of arbitrary JavaScript. This occurs in applications where users are permitted to evaluate arbitrary expressions using the mathjs expression parser.
Recommendations
Update to version 15.2.0.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Math.Js