{"vulnerability": "CVE-2026-4464", "sightings": [{"uuid": "2d85b5b8-5ce5-434d-994f-5e2b33ef7645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44648", "type": "published-proof-of-concept", "source": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-wmm3-h9qj-p5v6", "content": "", "creation_timestamp": "2026-05-11T20:48:45.000000Z"}, {"uuid": "2e228c0f-7789-465b-8a4b-0ee17926ef45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "Telegram/J5ZhgOkVkOGh10nZtfdr_FvjUVC9Q3mZbF4dClPdmsBvh90", "content": "", "creation_timestamp": "2026-05-08T07:04:33.000000Z"}, {"uuid": "5b9afd06-58e9-4a7c-9aee-d08cca81083d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "Telegram/9hUmSN7ug2EVEMoe54drMVTAFxceMDTI0JA9Kzj6srBhh7g", "content": "", "creation_timestamp": "2026-05-08T09:00:04.000000Z"}, {"uuid": "b97e4192-e87f-43cc-9fb6-c2fa4c3f673e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4464", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhmg462eys2c", "content": "", "creation_timestamp": "2026-03-22T01:41:28.366810Z"}, {"uuid": "7968325f-7d50-4e0b-a6c8-ede0b658089e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4464", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260324", "content": "", "creation_timestamp": "2026-03-24T01:00:00.000000Z"}, {"uuid": "a89bf30b-0b02-45fc-ad08-18268bd10bee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4464", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116260242412284268", "content": "", "creation_timestamp": "2026-03-20T07:08:35.791378Z"}, {"uuid": "20b087a7-b98d-435b-b4c1-93500f53c511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44643", "type": "seen", "source": "https://gist.github.com/alon710/8d25a2ec6d3cfd7d6115a0f90a1bb719", "content": "# CVE-2026-44643: CVE-2026-44643: Sandbox Escape and Remote Code Execution in angular-expressions\n\n> **CVSS Score:** 9.3\n> **Published:** 2026-05-11\n> **Full Report:** https://cvereports.com/reports/CVE-2026-44643\n\n## Summary\nCVE-2026-44643 is a critical sandbox escape vulnerability in the peerigon/angular-expressions library. The flaw permits unauthenticated remote code execution via prototype traversal and improper validation of filter expressions. By crafting specific malicious inputs, attackers can access the global Function constructor.\n\n## TL;DR\nA critical sandbox escape in angular-expressions < 1.5.2 allows RCE via prototype traversal in malicious filter definitions.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-95\n- **CVSS v4.0**: 9.3\n- **Attack Vector**: Network\n- **Impact**: Remote Code Execution (RCE)\n- **Privileges Required**: None\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Node.js environments utilizing peerigon/angular-expressions\n- Browser applications relying on client-side expression evaluation\n- **angular-expressions**: < 1.5.2 (Fixed in: `1.5.2`)\n\n## Mitigation\n\n- Upgrade Library\n- Runtime Hardening\n- Input Validation\n- Content Security Policy\n\n**Remediation Steps:**\n1. Update package.json to require angular-expressions version 1.5.2 or higher.\n2. Execute 'npm install' or 'yarn install' to pull the patched dependency into the build environment.\n3. Deploy the updated application to production environments.\n4. Modify the Node.js startup command to include the '--disable-proto=delete' flag.\n5. Implement application-level filtering to reject strings containing 'constructor' or '__proto__'.\n\n## References\n\n- [GitHub Security Advisory GHSA-pw8r-6689-xvf4](https://github.com/peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4)\n- [NVD Record for CVE-2026-44643](https://nvd.nist.gov/vuln/detail/CVE-2026-44643)\n- [angular-expressions GitHub Repository](https://github.com/peerigon/angular-expressions)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-44643) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-11T16:40:29.000000Z"}, {"uuid": "5670f327-726a-441d-a150-71d8df7c2ea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44641", "type": "published-proof-of-concept", "source": "https://github.com/microsoft/apm/security/advisories/GHSA-xhrw-5qxx-jpwr", "content": "", "creation_timestamp": "2026-05-03T08:34:38.000000Z"}, {"uuid": "934a57bd-566b-4fae-9655-b6e55f8a3222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44649", "type": "published-proof-of-concept", "source": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-gxx6-h3g6-vwjh", "content": "", "creation_timestamp": "2026-05-11T20:55:05.000000Z"}, {"uuid": "58cad003-09a8-43c5-adce-aaa366a1608c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44648", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzncomdn62v", "content": "\ud83d\udfe0 CVE-2026-44648 - High (7.5)\n\nSillyTavern is a locally installed user interface that allows users to interact with text generat...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44648/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-29T23:00:59.027594Z"}, {"uuid": "5a993530-c1db-4b11-b21c-29d398ee52ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44649", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmztyivcqg2q", "content": "\ud83d\udd34 CVE-2026-44649 - Critical (9.8)\n\nSillyTavern is a locally installed user interface that allows users to interact with text generat...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44649/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-30T01:00:33.288066Z"}]}