EUVD-2026-38296

🗓️ 22 Jun 2026 15:42:05Reported by EUVDType

Angular service worker could leak credentials and cache private data; fixed in 22.0.0-rc.2.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-50184	22 Jun 202615:42	–	attackerkb
CVE	CVE-2026-50184	22 Jun 202615:42	–	cve
Cvelist	CVE-2026-50184 Angular: Request Credential & Cache Policy Stripping in Angular Service Worker	22 Jun 202615:42	–	cvelist
Github Security Blog	@angular/service-worker: Request Credential & Cache Policy Stripping	15 Jun 202617:13	–	github
NVD	CVE-2026-50184	22 Jun 202618:16	–	nvd
OSV	GHSA-95QP-CMMW-MGQV @angular/service-worker: Request Credential & Cache Policy Stripping	15 Jun 202617:13	–	osv
OSV	UBUNTU-CVE-2026-50184	23 Jun 202600:00	–	osv
Positive Technologies	PT-2026-49563	15 Jun 202600:00	–	ptsecurity
Snyk	Use of Cache Containing Sensitive Information	15 Jun 202617:13	–	snyk
Vulnrichment	CVE-2026-50184 Angular: Request Credential & Cache Policy Stripping in Angular Service Worker	22 Jun 202615:42	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "4f394a51-72cf-3068-910f-5df994d1084f",
        "vendor": {
          "name": "angular"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "03dbebb5-661a-379a-ad9d-05b9d1f2263e",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "22.0.0-next.0, < 22.0.0-rc.2"
      },
      {
        "id": "36e8e6d4-c46a-3420-bb76-f324a0eb8d4d",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "19.0.0-next.0, < 19.2.23"
      },
      {
        "id": "499585ac-dd01-3d38-be05-d24fdc07ed25",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "20.0.0-next.0, < 20.3.22"
      },
      {
        "id": "9cf7d1bd-1275-3104-a370-e1f4d3eddc90",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "21.0.0-next.0, < 21.2.15"
      },
      {
        "id": "ad85775a-089d-3bdd-854f-af8e781756a0",
        "product": {
          "name": "angular",
          "vendor": {
            "name": "angular"
          }
        },
        "product_version": "≤ 18.2.14"
      }
    ]
  }
]

Source	Link
github	www.github.com/angular/angular/security/advisories/GHSA-95qp-cmmw-mgqv
github	www.github.com/angular/angular/pull/68904

22 Jun 2026 15:50Current

5.9Medium risk

Vulners AI Score5.9

CVSS 45.7

EPSS0.00021