{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12866", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2026-06-22T08:22:34.991Z", "datePublished": "2026-06-23T05:00:00.763Z", "dateUpdated": "2026-06-27T15:25:05.793Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "exploitCodeMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.2, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"value": "Dinh Twan Doan", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "Code Execution", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-06-27T15:25:05.793Z"}, "descriptions": [{"value": "All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into executable JavaScript, attackers can escape the intended expression sandbox and run arbitrary code within the application's context.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-EXPREVAL-15054690"}, {"url": "https://github.com/silentmatt/expr-eval/blob/master/src/expression.js%23L55"}, {"url": "https://github.com/silentmatt/expr-eval/issues/292"}], "affected": [{"product": "expr-eval", "versions": [{"version": "0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-EXPREVAL-15054690", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-23T12:06:04.423419Z", "id": "CVE-2026-12866", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T12:07:54.524Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12866", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-23T12:06:04.423419Z"}}}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-EXPREVAL-15054690", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-23T12:05:41.966Z"}}], "cna": {"credits": [{"lang": "en", "value": "Dinh Twan Doan"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "confidentialityImpact": "HIGH"}, "cvssV4_0": {"version": "4.0", "baseScore": 9.2, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "expr-eval", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-EXPREVAL-15054690"}, {"url": "https://github.com/silentmatt/expr-eval/blob/master/src/expression.js%23L55"}, {"url": "https://github.com/silentmatt/expr-eval/issues/292"}], "descriptions": [{"lang": "en", "value": "All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into executable JavaScript, attackers can escape the intended expression sandbox and run arbitrary code within the application's context."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-94", "description": "Code Execution"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-06-27T15:25:05.793Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12866", "state": "PUBLISHED", "dateUpdated": "2026-06-27T15:25:05.793Z", "dateReserved": "2026-06-22T08:22:34.991Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2026-06-23T05:00:00.763Z", "assignerShortName": "snyk"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "expr-eval: expr-eval: Code Execution via crafted expressions in toJSFunction() API", "id": "2491633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491633"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-917", "details": ["All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function(). Because user-controlled expressions are transformed directly into executable JavaScript, attackers can escape the intended expression sandbox and run arbitrary code within the application's context.", "A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction() API. These expressions are then compiled into native code using new Function(), allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary code execution within the application's context, potentially compromising the system."], "mitigation": {"lang": "en:us", "value": "LangChainJS already replaced expr-eval with math-expression-evaluator in a later @langchain/community release (fix for CVE-2025-12735). Bootc owners should bump @langchain/community to a version that no longer bundles expr-eval, which removes the dead dependency entirely."}, "name": "CVE-2026-12866", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/bootc-gaudi-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/disk-image-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}], "public_date": "2026-06-23T05:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-12866\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-12866\nhttps://github.com/silentmatt/expr-eval/blob/master/src/expression.js%23L55\nhttps://github.com/silentmatt/expr-eval/issues/292\nhttps://security.snyk.io/vuln/SNYK-JS-EXPREVAL-15054690"], "statement": "RHEL AI 3.4 bootc images ship expr-eval@2.0.2 as a dependency of @langchain/community. The only identified consumer is the LangChain Calculator tool, which calls Parser.evaluate() and does not invoke toJSFunction(). CVE-2026-12866 affects only the toJSFunction() API. No other npm package in the image depends on expr-eval. For this reason the issue is rated Low for RHEL AI.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "expr-eval", "source": "cna", "vendor": "n/a"}, "product": "expr-eval", "vendor": "silentmatt"}], "created": "2026-06-23T06:30:16.645389+00:00", "updated": "2026-06-25T02:15:03.077289+00:00", "vendors": ["silentmatt", "silentmatt$PRODUCT$expr-eval"]}