Lucene search
K

5 matches found

EUVD
EUVD
added 2026/03/26 1:46 p.m.8 views

EUVD-2026-13897

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References9
OSV
OSV
added 2026/03/26 1:46 p.m.3 views

CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS5.9AI score0.00255EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/26 1:46 p.m.6 views

CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS5.9AI score0.00255EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 1:46 p.m.28 views

CVE-2026-33397

The CVE concerns Angular SSR bottleneck/open-redirect in @angular/ssr. Affected series: 22.x before 22.0.0-next.2, 21.x before 21.2.3, and 20.x before 20.3.21, with a patch included in 22.0.0-next.2, 21.2.3, and 20.3.21. Root cause: incomplete fix for CVE-2026-27738 where a single backslash in X-...

6.9CVSS5.8AI score0.00255EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 9:22 p.m.4 views

GHSA-VFX2-HV2G-XJ5F Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR

An Open Redirect vulnerability exists in @angular/ssr due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes e.g., ///, the internal validation logic fails to account for a single backslash \ bypass. When an Angular SSR application is...

6.9CVSS5.7AI score0.00255EPSS
Exploits0References5
Rows per page
Query Builder