EUVD-2026-38294

🗓️ 22 Jun 2026 15:40:32Reported by EUVDType

SSRF in Angular SSR allows attacker-controlled hostname via absolute URLs; fixed in specified versions.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2026-46417	22 Jun 202615:40	–	attackerkb
Circl	CVE-2026-46417	15 May 202617:50	–	circl
CVE	CVE-2026-46417	22 Jun 202615:40	–	cve
Cvelist	CVE-2026-46417 Angular: SSRF via Hostname Hijacking in @angular/platform-server	22 Jun 202615:40	–	cvelist
Github Security Blog	@angular/platform-server: SSRF via Hostname Hijacking	19 May 202620:29	–	github
NVD	CVE-2026-46417	22 Jun 202618:16	–	nvd
OSV	GHSA-RFH7-FXQC-Q52V @angular/platform-server: SSRF via Hostname Hijacking	19 May 202620:29	–	osv
OSV	UBUNTU-CVE-2026-46417	23 Jun 202600:00	–	osv
Positive Technologies	PT-2026-41374	15 May 202600:00	–	ptsecurity
Snyk	Server-side Request Forgery (SSRF)	19 May 202620:29	–	snyk

[
  {
    "enisaIdVendor": [
      {
        "id": "b9f8375b-2fb1-3d49-9d4d-28a543f26b8d",
        "vendor": {
          "name": "angular"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "74590e3b-723b-36c5-a237-b7cb4419cb4d",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "20.0.0-next.0, < 20.3.21"
      },
      {
        "id": "974c4c82-afdd-387b-bbda-1a8024d92ae4",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "≤ 18.2.14"
      },
      {
        "id": "d04de655-bb4d-371b-9aa1-7b79e9c52808",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "21.0.0-next.0, < 21.2.13"
      },
      {
        "id": "e78e3de7-1a8d-35bb-8d2b-25b85a22ec51",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "22.0.0-next.0, < 22.0.0-next.12"
      },
      {
        "id": "e8bb26ff-4401-394a-ac43-a84f9b4af5b2",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "19.0.0-next.0, < 19.2.22"
      }
    ]
  }
]

Source	Link
github	www.github.com/angular/angular/security/advisories/GHSA-rfh7-fxqc-q52v
github	www.github.com/angular/angular/pull/68570

22 Jun 2026 15:48Current

5.9Medium risk

Vulners AI Score5.9

CVSS 48.8

EPSS0.00051