{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41139", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-17T12:59:15.738Z", "datePublished": "2026-05-07T05:06:28.746Z", "dateUpdated": "2026-05-07T13:41:40.987Z"}, "containers": {"cna": {"title": "Unsafe array index getter in mathjs", "problemTypes": [{"descriptions": [{"cweId": "CWE-915", "lang": "en", "description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes", "type": "CWE"}]}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "references": [{"name": "https://github.com/josdejong/mathjs/security/advisories/GHSA-5v89-rwgr-qj6g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/josdejong/mathjs/security/advisories/GHSA-5v89-rwgr-qj6g"}, {"name": "https://github.com/josdejong/mathjs/pull/3656", "tags": ["x_refsource_MISC"], "url": "https://github.com/josdejong/mathjs/pull/3656"}, {"name": "https://github.com/josdejong/mathjs/commit/0aee2f61866e35ffa0aef915221cdf6b026ffdd4", "tags": ["x_refsource_MISC"], "url": "https://github.com/josdejong/mathjs/commit/0aee2f61866e35ffa0aef915221cdf6b026ffdd4"}, {"name": "https://github.com/josdejong/mathjs/commit/bcf0da46f0b8577ec03c9ecd7bff8b5c2543a611", "tags": ["x_refsource_MISC"], "url": "https://github.com/josdejong/mathjs/commit/bcf0da46f0b8577ec03c9ecd7bff8b5c2543a611"}, {"name": "https://github.com/josdejong/mathjs/releases/tag/v15.2.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/josdejong/mathjs/releases/tag/v15.2.0"}], "affected": [{"vendor": "josdejong", "product": "mathjs", "versions": [{"version": ">= 13.1.0, < 15.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-07T05:06:28.746Z"}, "descriptions": [{"lang": "en", "value": "Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0."}], "source": {"advisory": "GHSA-5v89-rwgr-qj6g", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-07T13:41:05.634680Z", "id": "CVE-2026-41139", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-07T13:41:40.987Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41139", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-07T13:41:05.634680Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-07T13:41:15.362Z"}}], "cna": {"title": "Unsafe array index getter in mathjs", "source": {"advisory": "GHSA-5v89-rwgr-qj6g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "josdejong", "product": "mathjs", "versions": [{"status": "affected", "version": ">= 13.1.0, < 15.2.0"}]}], "references": [{"url": "https://github.com/josdejong/mathjs/security/advisories/GHSA-5v89-rwgr-qj6g", "name": "https://github.com/josdejong/mathjs/security/advisories/GHSA-5v89-rwgr-qj6g", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/josdejong/mathjs/pull/3656", "name": "https://github.com/josdejong/mathjs/pull/3656", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/josdejong/mathjs/commit/0aee2f61866e35ffa0aef915221cdf6b026ffdd4", "name": "https://github.com/josdejong/mathjs/commit/0aee2f61866e35ffa0aef915221cdf6b026ffdd4", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/josdejong/mathjs/commit/bcf0da46f0b8577ec03c9ecd7bff8b5c2543a611", "name": "https://github.com/josdejong/mathjs/commit/bcf0da46f0b8577ec03c9ecd7bff8b5c2543a611", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/josdejong/mathjs/releases/tag/v15.2.0", "name": "https://github.com/josdejong/mathjs/releases/tag/v15.2.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-915", "description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-07T05:06:28.746Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41139", "state": "PUBLISHED", "dateUpdated": "2026-05-07T13:41:40.987Z", "dateReserved": "2026-04-17T12:59:15.738Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-05-07T05:06:28.746Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mathjs:mathjs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "9F4FB8F3-ED49-4781-80E5-90123FD1A6BE", "versionEndExcluding": "15.2.0", "versionStartIncluding": "13.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0."}], "id": "CVE-2026-41139", "lastModified": "2026-05-08T17:06:03.997", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-05-07T06:16:04.273", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/josdejong/mathjs/commit/0aee2f61866e35ffa0aef915221cdf6b026ffdd4"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/josdejong/mathjs/commit/bcf0da46f0b8577ec03c9ecd7bff8b5c2543a611"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/josdejong/mathjs/pull/3656"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/josdejong/mathjs/releases/tag/v15.2.0"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/josdejong/mathjs/security/advisories/GHSA-5v89-rwgr-qj6g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-915"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "mathjs: math.js: Arbitrary code execution via expression parser", "id": "2467648", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467648"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-94", "details": ["A flaw was found in math.js, an extensive math library for JavaScript and Node.js. This vulnerability allows an attacker to execute arbitrary JavaScript code by exploiting the expression parser. This could lead to a complete compromise of the system where math.js is used."], "name": "CVE-2026-41139", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Not affected", "package_name": "grafana-infinity-datasource-npm", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "qt6-qtbase", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "qt5-qtbase", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qt5-qtbase", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-dashboard-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-mod-arch-gen-ai-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-mod-arch-maas-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-mod-arch-model-registry-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform/automation-portal", "product_name": "Self-service automation portal 2"}], "public_date": "2026-05-07T05:06:28Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41139\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41139\nhttps://github.com/josdejong/mathjs/commit/0aee2f61866e35ffa0aef915221cdf6b026ffdd4\nhttps://github.com/josdejong/mathjs/commit/bcf0da46f0b8577ec03c9ecd7bff8b5c2543a611\nhttps://github.com/josdejong/mathjs/pull/3656\nhttps://github.com/josdejong/mathjs/releases/tag/v15.2.0\nhttps://github.com/josdejong/mathjs/security/advisories/GHSA-5v89-rwgr-qj6g"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[13.1.0,15.2.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "mathjs", "source": "cna", "vendor": "josdejong"}, "product": "mathjs", "vendor": "josdejong"}], "created": "2026-05-07T06:30:06.185536+00:00", "updated": "2026-05-08T02:00:06.258888+00:00", "vendors": ["josdejong", "josdejong$PRODUCT$mathjs"]}