HIGH
josdejong
CVE published 2026-04-24
CVE-2026-40897
CVE-2026-40897 is a high-severity vulnerability in Math.js, a JavaScript and Node.js math library. The vulnerability allows executing arbitrary JavaScript via the expression parser of mathjs. Users of Math.js from version 13.1.1 to before 15.2.0 are affected when they have an application where users can evaluate arbitrary expressions using the mathjs expression parser. This vulnerability is fixed in versi [truncated]