PT-2026-49565

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.16 Angular versions prior to 20.3.24 Angular versions prior to 19.2.25 Description A Cross-Site Scripting XSS issue exists in the domino DOM emulation dependency of...

CVE-2026-44437

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +3 more potentially affected by CVE-2026-44437 via @angular/ssr (>=19.0.5 <=19.2.19)

@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-44437 Source advisory: SNYK:JS-ANGULARSSR-16438975...

@docgeni/angular (=21.0.1), @jamelyassin/shadcn-angular (>=1.0.3 <=1.0.4) +15 more potentially affected by CVE-2026-44437 via @angular/ssr (>=21.1.2 <=21.2.7)

@angular/ssr NPM version =21.1.2, =1.0.3, =1.1.0, =2.0.0, =1.0.0, =0.0.2, =0.5.0, =0.1.2, =1.0.0, =0.0.2, =0.0.3-beta.1 and more Source cves: CVE-2026-44437 Source advisory: OSV:GHSA-69XR-M8H6-H664...

@hmcts/media-viewer (>=4.2.16-exui-4425 <=4.2.16-exui-4425-rel1) potentially affected by CVE-2026-33397 via @angular/ssr (=20.3.18)

@angular/ssr NPM version =20.3.18 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - @hmcts/media-viewer =4.2.16-exui-4425, =4.2.16-exui-4425-rel1 Source cves: CVE-2026-33397 Source advisory: OSV:GHSA-VFX2-HV2G-XJ5F...

Server-side Request Forgery (SSRF)

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request handling pipeline due to improper validation of user-controlled HTTP headers such as Host and X-Forwarded-. An attacker can...

create-momentum-app (>=0.1.2 <=0.5.0) potentially affected by CVE-2026-27739 via @angular/ssr (=21.1.2)

@angular/ssr NPM version =21.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - create-momentum-app =0.1.2, =0.5.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARSSR-15357314...

Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

A Server-Side Request Forgery SSRF vulnerability has been identified in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL reconstruction logic directly trusts and consumes user-controlled HTTP headers specifically the Host and X-Forwarded- family t...

Open Redirect

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Open Redirect via the internal URL processing logic when handling the X-Forwarded-Prefix header. An attacker can cause users to be redirected to arbitrary external domains b...

CVE-2026-27739

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

Angular SSR has a Server-Side Request Forgery (SSRF) flaw

Impact The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr. The function createRequestUrl uses the native URL constructor. When an incoming request path e.g., originalUrl or url begins with a doub...

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-59052 via @angular/ssr (>=19.0.5 <=19.2.1)

@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-59052 Source advisory: OSV:GHSA-68X2-MX4Q-78M7...