3 matches found
CVE-2026-50557
CVE-2026-50557 concerns Angular’s template sanitization bypass via namespace handling in @angular/compiler and @angular/core. The issue allows namespaced elements (e.g., svg:script or ) to escape script-element recognition and for security context attribute mappings to bypass runtime/compile-time...
GHSA-F3M7-GQXR-G87X Angular: Template and Attribute Namespace Sanitization Bypass (XSS)
An issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute sanitization/validation through specific namespace workarounds. Specifically, namespaced script elements e.g., or were not properly identified as script elements by the Angular template preparser,...
PT-2026-49567
Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.22 Description An issue in the @angular/compiler and @angular/core packages allows bypassing element and...