CVE-2026-44437

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +3 more potentially affected by CVE-2026-44437 via @angular/ssr (>=19.0.5 <=19.2.19)

@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-44437 Source advisory: OSV:GHSA-69XR-M8H6-H664...

PT-2026-38316

Name of the Vulnerable Software and Affected Versions Angular SSR versions 19.0.0-next.0 through 19.2.24 Angular SSR versions 20.x through 20.3.24 Angular SSR versions 21.x through 21.2.8 Angular SSR versions 22.0.0-next.0 through 22.0.0-next.6 Description An issue exists in the processing logic ...

Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR

An Open Redirect vulnerability exists in @angular/ssr due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes e.g., ///, the internal validation logic fails to account for a single backslash \ bypass. When an Angular SSR application is...

CVE-2026-27739

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

create-momentum-app (>=0.1.2 <=0.5.0) potentially affected by CVE-2026-27739 via @angular/ssr (=21.1.2)

@angular/ssr NPM version =21.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - create-momentum-app =0.1.2, =0.5.0 Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...

@adel-t/angular-ssr (>=1.0.0 <=1.0.2), @angularexpert/my-workspace (=0.0.0) +62 more potentially affected by CVE-2026-27739 via @angular/ssr (>=17.0.5 <=19.2.19)

@angular/ssr NPM version =17.0.5, =1.0.0, =3.1.1-0, =1.0.0, =0.0.1, =0.0.1, =19.3.0, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =0.1.0, =0.2.0 - @quest-poc/my-angular-app =0.0.0 and more Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...

CVE-2026-27739

CVE-2026-27739 affects Angular SSR, with an SSRF vulnerability in the request handling pipeline. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 allow unvalidated Host and X-Forwarded-* headers to influence base-origin URL construction, enabling arbitrary internal request steering via...

CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

PT-2026-21966

Name of the Vulnerable Software and Affected Versions Angular SSR versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 Description Angular SSR, a server-side rendering tool for Angular applications, contains a Server-Side Request Forgery SSRF issue in its request handling pipeline. The...

@dl3g0/primeng (=17.17.0-20.0.3), @hmcts/ccd-case-ui-toolkit (>=7.3.49-4369 <=7.3.51) +15 more potentially affected by CVE-2025-62427 via @angular/ssr (>=20.3.18 <=20.3.25)

@angular/ssr NPM version =20.3.18, =7.3.49-4369, =4.2.4-exui-3994-f, =0.0.4, =0.3.0, =20.0.0, =0.0.0, =1.0.2, =0.0.0, =0.1.0, =0.0.8, =0.0.12 and more Source cves: CVE-2025-62427 Source advisory: OSV:GHSA-Q63Q-PGMF-MXHR...

@dl3g0/primeng (=17.17.0-20.0.3), @hmcts/ccd-case-ui-toolkit (>=7.3.49-4369 <=7.3.51) +15 more potentially affected by CVE-2025-62427 via @angular/ssr (>=20.3.18 <=20.3.25)

@angular/ssr NPM version =20.3.18, =7.3.49-4369, =4.2.4-exui-3994-f, =0.0.4, =0.3.0, =20.0.0, =0.0.0, =1.0.2, =0.0.0, =0.1.0, =0.0.8, =0.0.12 and more Source cves: CVE-2025-62427 Source advisory: SNYK:JS-ANGULARSSR-13635722...

Server-side Request Forgery (SSRF)

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createRequestUrl function. An attacker can cause the server to make arbitrary HTTP requests to external domains by supplying a...

@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-59052 via @angular/ssr (>=19.0.5 <=19.2.1)

@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-59052 Source advisory: SNYK:JS-ANGULARSSR-12613576...