Angular Cli Security Vulnerabilities and Issues — Angular Cli CVE List

AngularAngular Cli

3 matches found

CVE•added 2026/03/13 8:58 p.m.•60 views

CVE-2026-32635

Angular has an XSS vulnerability in the i18n attribute bindings within the Angular runtime and compiler. Before versions 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, enabling internationalization for a security-sensitive attribute (e.g., href) with a data binding to untrusted user data can bypass...

9CVSS5.7AI score0.00339EPSS

CVE•added 2026/03/26 1:46 p.m.•21 views

CVE-2026-33397

The CVE concerns Angular SSR bottleneck/open-redirect in @angular/ssr. Affected series: 22.x before 22.0.0-next.2, 21.x before 21.2.3, and 20.x before 20.3.21, with a patch included in 22.0.0-next.2, 21.2.3, and 20.3.21. Root cause: incomplete fix for CVE-2026-27738 where a single backslash in X-...

6.9CVSS5.8AI score0.00255EPSS

CVE•added 2026/05/13 9:23 p.m.•15 views

CVE-2026-44437

Summary: CVE-2026-44437 affects Angular SSR before fixed versions 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7. The vulnerability lies in the X-Forwarded-Prefix header processing: the internal validation does not properly account for URL-encoded characters (notably dots like %2e%2e), enabling enco...

6.9CVSS5.8AI score0.00203EPSS

Web