Angular-Expressions (<= 1.5.1)

A remote code execution vulnerability (CVE-2026-44643) exists in angular-expressions versions 1.5.1 and earlier, allowing an attacker to execute arbitrary code on the system by crafting a malicious expression that bypasses the sandbox.