Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-07T05:06:28 mathjs: math.js: Arbitrary code execution via expression parser 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-94

A flaw was found in math.js, an extensive math library for JavaScript and Node.js. This vulnerability allows an attacker to execute arbitrary JavaScript code by exploiting the expression parser. This could lead to a complete compromise of the system where math.js is used.

Cryostat 4 Not affected grafana-infinity-datasource-npm Red Hat Developer Hub Not affected rhdh/rhdh-hub-rhel9 Red Hat Enterprise Linux 10 Not affected qt6-qtbase Red Hat Enterprise Linux 8 Not affected qt5-qtbase Red Hat Enterprise Linux 9 Not affected qt5-qtbase Red Hat OpenShift AI (RHOAI) Not affected rhoai/odh-dashboard-rhel9 Red Hat OpenShift AI (RHOAI) Not affected rhoai/odh-mod-arch-gen-ai-rhel9 Red Hat OpenShift AI (RHOAI) Not affected rhoai/odh-mod-arch-maas-rhel9 Red Hat OpenShift AI (RHOAI) Not affected rhoai/odh-mod-arch-model-registry-rhel9 Red Hat OpenShift Container Platform 4 Not affected openshift4/ose-monitoring-plugin-rhel9 Self-service automation portal 2 Not affected ansible-automation-platform/automation-portal https://www.cve.org/CVERecord?id=CVE-2026-41139 https://nvd.nist.gov/vuln/detail/CVE-2026-41139 https://github.com/josdejong/mathjs/commit/0aee2f61866e35ffa0aef915221cdf6b026ffdd4 https://github.com/josdejong/mathjs/commit/bcf0da46f0b8577ec03c9ecd7bff8b5c2543a611 https://github.com/josdejong/mathjs/pull/3656 https://github.com/josdejong/mathjs/releases/tag/v15.2.0 https://github.com/josdejong/mathjs/security/advisories/GHSA-5v89-rwgr-qj6g