Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-50169 (GCVE-0-2026-50169)
Vulnerability from cvelistv5 – Published: 2026-06-22 15:41 – Updated: 2026-06-22 17:32
VLAI
EPSS
Title
Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During this reconstruction process, the helper function strips the strict, client-defined request redirect policy configuration (such as redirect: 'error'), falling back to the browser's default 'follow' strategy. If the target web application makes client-side requests with a strict policy (e.g., expecting a network error instead of automatically following redirects), the service worker will bypass this instruction and automatically follow HTTP 3xx redirects to other destinations. This acts as an unintended proxy/intermediary ("Confused Deputy") and can result in cookie/credential exposure or same-origin session-restricted data leakage if public dynamic routes redirect to sensitive routes. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/angular/angular/security/advis… | x_refsource_CONFIRM |
| https://github.com/angular/angular/pull/67494 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:32:21.478134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:32:36.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "angular",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-rc.2"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.15"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.22"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-next.0, \u003c 19.2.23"
},
{
"status": "affected",
"version": "\u003c= 18.2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During this reconstruction process, the helper function strips the strict, client-defined request redirect policy configuration (such as redirect: \u0027error\u0027), falling back to the browser\u0027s default \u0027follow\u0027 strategy. If the target web application makes client-side requests with a strict policy (e.g., expecting a network error instead of automatically following redirects), the service worker will bypass this instruction and automatically follow HTTP 3xx redirects to other destinations. This acts as an unintended proxy/intermediary (\"Confused Deputy\") and can result in cookie/credential exposure or same-origin session-restricted data leakage if public dynamic routes redirect to sensitive routes. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524: Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T15:46:26.364Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m"
},
{
"name": "https://github.com/angular/angular/pull/67494",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/pull/67494"
}
],
"source": {
"advisory": "GHSA-gv2q-mqqv-365m",
"discovery": "UNKNOWN"
},
"title": "Angular Service Worker Policy-Bypass \u0026 Credential-Stripping Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50169",
"datePublished": "2026-06-22T15:41:17.125Z",
"dateReserved": "2026-06-03T20:54:20.433Z",
"dateUpdated": "2026-06-22T17:32:36.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-50169",
"date": "2026-06-27",
"epss": "0.00165",
"percentile": "0.0603"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-50169\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-22T17:32:21.478134Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-22T17:32:28.735Z\"}}], \"cna\": {\"title\": \"Angular Service Worker Policy-Bypass \u0026 Credential-Stripping Vulnerabilities\", \"source\": {\"advisory\": \"GHSA-gv2q-mqqv-365m\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"angular\", \"product\": \"angular\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 22.0.0-next.0, \u003c 22.0.0-rc.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 21.0.0-next.0, \u003c 21.2.15\"}, {\"status\": \"affected\", \"version\": \"\u003e= 20.0.0-next.0, \u003c 20.3.22\"}, {\"status\": \"affected\", \"version\": \"\u003e= 19.0.0-next.0, \u003c 19.2.23\"}, {\"status\": \"affected\", \"version\": \"\u003c= 18.2.14\"}]}], \"references\": [{\"url\": \"https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m\", \"name\": \"https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/angular/angular/pull/67494\", \"name\": \"https://github.com/angular/angular/pull/67494\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During this reconstruction process, the helper function strips the strict, client-defined request redirect policy configuration (such as redirect: \u0027error\u0027), falling back to the browser\u0027s default \u0027follow\u0027 strategy. If the target web application makes client-side requests with a strict policy (e.g., expecting a network error instead of automatically following redirects), the service worker will bypass this instruction and automatically follow HTTP 3xx redirects to other destinations. This acts as an unintended proxy/intermediary (\\\"Confused Deputy\\\") and can result in cookie/credential exposure or same-origin session-restricted data leakage if public dynamic routes redirect to sensitive routes. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-441\", \"description\": \"CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-524\", \"description\": \"CWE-524: Use of Cache Containing Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-22T15:46:26.364Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-50169\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-22T17:32:36.408Z\", \"dateReserved\": \"2026-06-03T20:54:20.433Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-22T15:41:17.125Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-50169
Vulnerability from fkie_nvd - Published: 2026-06-22 18:16 - Updated: 2026-06-26 19:40
Severity
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During this reconstruction process, the helper function strips the strict, client-defined request redirect policy configuration (such as redirect: 'error'), falling back to the browser's default 'follow' strategy. If the target web application makes client-side requests with a strict policy (e.g., expecting a network error instead of automatically following redirects), the service worker will bypass this instruction and automatically follow HTTP 3xx redirects to other destinations. This acts as an unintended proxy/intermediary ("Confused Deputy") and can result in cookie/credential exposure or same-origin session-restricted data leakage if public dynamic routes redirect to sensitive routes. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/angular/angular/pull/67494 | Issue Tracking, Patch | |
| security-advisories@github.com | https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| angularjs | angularjs | * | |
| angularjs | angularjs | * | |
| angularjs | angularjs | * | |
| angularjs | angularjs | * | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 | |
| angularjs | angularjs | 22.0.0 |
{
"affected": [
{
"affectedData": [
{
"product": "angular",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-rc.2"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.15"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.22"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-next.0, \u003c 19.2.23"
},
{
"status": "affected",
"version": "\u003c= 18.2.14"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70036B6-0384-40CC-9402-261200050260",
"versionEndIncluding": "18.2.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FADD963-D39A-47F5-A352-13A46F056CDF",
"versionEndExcluding": "19.2.23",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3332B1D4-C8DE-4AF1-B02E-B4F6E89FD20C",
"versionEndExcluding": "20.3.22",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD596738-EFE2-4226-94F5-664DBBBE4D40",
"versionEndExcluding": "21.2.15",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next0:*:*:*:*:*:*",
"matchCriteriaId": "3CAB422E-FCB2-4AD0-8C6F-90F8DDCF046B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next1:*:*:*:*:*:*",
"matchCriteriaId": "E3F939B4-3291-4AC7-B8A0-437981B44A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next10:*:*:*:*:*:*",
"matchCriteriaId": "5EF3D989-611A-4794-BF55-18E32CD6A37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next11:*:*:*:*:*:*",
"matchCriteriaId": "2D66CF2E-7578-41ED-8714-4BB4124E1BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next12:*:*:*:*:*:*",
"matchCriteriaId": "45E0B5CB-3D0D-4E94-B5B5-DA44868AFC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next2:*:*:*:*:*:*",
"matchCriteriaId": "DE5BE0D4-C971-4BDE-9208-A804D4D0F499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next3:*:*:*:*:*:*",
"matchCriteriaId": "2E2939BC-2B96-421F-9A92-213FC8E69958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next4:*:*:*:*:*:*",
"matchCriteriaId": "A6334AFE-E843-4DD0-8118-B843BB54D62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next5:*:*:*:*:*:*",
"matchCriteriaId": "9B7E0ECF-91DD-4F4A-B1A4-66A3380E0D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next6:*:*:*:*:*:*",
"matchCriteriaId": "8AA37933-9C41-4B5D-BB35-FC8BAD3FBB1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next7:*:*:*:*:*:*",
"matchCriteriaId": "FD03563D-4DAC-4C3A-A89B-277C2109BC3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next8:*:*:*:*:*:*",
"matchCriteriaId": "C42CDCDD-BCAF-4F2F-8A0D-703431BDA3AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next9:*:*:*:*:*:*",
"matchCriteriaId": "07E4BC13-3946-4756-A10F-8DBDC812553C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "B2AA884A-730A-45C6-83FE-104E9FD358EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6EA55F1C-F490-4E2F-9E93-5FF1C31FC78F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During this reconstruction process, the helper function strips the strict, client-defined request redirect policy configuration (such as redirect: \u0027error\u0027), falling back to the browser\u0027s default \u0027follow\u0027 strategy. If the target web application makes client-side requests with a strict policy (e.g., expecting a network error instead of automatically following redirects), the service worker will bypass this instruction and automatically follow HTTP 3xx redirects to other destinations. This acts as an unintended proxy/intermediary (\"Confused Deputy\") and can result in cookie/credential exposure or same-origin session-restricted data leakage if public dynamic routes redirect to sensitive routes. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23."
}
],
"id": "CVE-2026-50169",
"lastModified": "2026-06-26T19:40:14.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-50169",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:32:21.478134Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-22T18:16:42.253",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/angular/angular/pull/67494"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-441"
},
{
"lang": "en",
"value": "CWE-524"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-GV2Q-MQQV-365M
Vulnerability from github – Published: 2026-06-15 16:44 – Updated: 2026-06-15 16:44
VLAI
Summary
Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities
Details
An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function.
During this reconstruction process, the helper function strips the strict, client-defined request redirect policy configuration (such as redirect: 'error'), falling back to the browser's default 'follow' strategy.
If the target web application makes client-side requests with a strict policy (e.g., expecting a network error instead of automatically following redirects), the service worker will bypass this instruction and automatically follow HTTP 3xx redirects to other destinations. This acts as an unintended proxy/intermediary ("Confused Deputy") and can result in cookie/credential exposure or same-origin session-restricted data leakage if public dynamic routes redirect to sensitive routes.
Impact
Web applications registering the @angular/service-worker package are vulnerable to this redirect-policy bypass if they make safe client-side fetch calls (such as { redirect: 'error' }) to paths matched by a service worker asset group (such as lazy-loaded JavaScript bundles or dynamic public assets) that can return HTTP redirects to authenticated same-origin secure endpoints.
By stripping developer-defined safety boundaries, the service worker allows the browser to transparently query and return data from credentials-guarded resources that should have been blocked at the network barrier.
Attack Preconditions
To successfully exploit this vulnerability, all of the following application states and parameters must concurrently exist:
1. Active Angular Service Worker: The target application uses @angular/service-worker and has an active registration of ngsw-worker.js inside the client's browser context.
2. Asset Group Matching: An assetGroups pattern in ngsw-config.json encompasses the target dynamic routing endpoint.
3. Same-Origin Dynamic Redirection: The server routes a public matched asset route to a service that returns an HTTP 3xx redirect pointing to a sensitive, session-restricted same-origin private route (e.g., /private/account-summary.json).
4. Established User Session: The victim user currently has an active authentication state, such as valid same-origin session cookies or auth headers stored by the browser.
5. Client-Side Safe Fetch Call: The application initiates an explicit fetch request to the route with safety parameters: { redirect: 'error' }.
Mitigations & Workarounds
If upgrading the @angular/service-worker package is not immediately feasible, developers should implement the following defensive measures:
* Avoid Public-to-Private Dynamic Redirection: Refactor the server architecture so that public paths matched by service worker asset groups never issue HTTP 3xx redirects to authenticated same-origin secure endpoints.
* Strict Cookie Configuration: Apply strict flags to session cookies (SameSite=Strict; Secure; HttpOnly) and consider explicit route isolations (such as subdomains) for credential-guarded private resources.
* Exclude Secure Endpoints from SW Config: Verify your ngsw-config.json settings and ensure that patterns targeting dynamic, secure endpoints are explicitly excluded from automatic asset groups or caching scopes.
Patches
- 22.0.0-rc.2
- 21.2.15
- 20.3.22
- 19.2.23
Severity
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@angular/service-worker"
},
"ranges": [
{
"events": [
{
"introduced": "22.0.0-next.0"
},
{
"fixed": "22.0.0-rc.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/service-worker"
},
"ranges": [
{
"events": [
{
"introduced": "20.0.0-next.0"
},
{
"fixed": "20.3.22"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/service-worker"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0-next.0"
},
{
"fixed": "19.2.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/service-worker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.2.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/service-worker"
},
"ranges": [
{
"events": [
{
"introduced": "21.0.0-next.0"
},
{
"fixed": "21.2.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50169"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-441",
"CWE-524"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T16:44:21Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal helper function. \n\nDuring this reconstruction process, the helper function strips the strict, client-defined request redirect policy configuration (such as `redirect: \u0027error\u0027`), falling back to the browser\u0027s default `\u0027follow\u0027` strategy.\n\nIf the target web application makes client-side requests with a strict policy (e.g., expecting a network error instead of automatically following redirects), the service worker will bypass this instruction and automatically follow HTTP 3xx redirects to other destinations. This acts as an unintended proxy/intermediary (\"Confused Deputy\") and can result in cookie/credential exposure or same-origin session-restricted data leakage if public dynamic routes redirect to sensitive routes.\n\n### Impact\nWeb applications registering the `@angular/service-worker` package are vulnerable to this redirect-policy bypass if they make safe client-side fetch calls (such as `{ redirect: \u0027error\u0027 }`) to paths matched by a service worker asset group (such as lazy-loaded JavaScript bundles or dynamic public assets) that can return HTTP redirects to authenticated same-origin secure endpoints. \n\nBy stripping developer-defined safety boundaries, the service worker allows the browser to transparently query and return data from credentials-guarded resources that should have been blocked at the network barrier.\n\n### Attack Preconditions\nTo successfully exploit this vulnerability, all of the following application states and parameters must concurrently exist:\n1. **Active Angular Service Worker:** The target application uses `@angular/service-worker` and has an active registration of `ngsw-worker.js` inside the client\u0027s browser context.\n2. **Asset Group Matching:** An `assetGroups` pattern in `ngsw-config.json` encompasses the target dynamic routing endpoint.\n3. **Same-Origin Dynamic Redirection:** The server routes a public matched asset route to a service that returns an HTTP 3xx redirect pointing to a sensitive, session-restricted same-origin private route (e.g., `/private/account-summary.json`).\n4. **Established User Session:** The victim user currently has an active authentication state, such as valid same-origin session cookies or auth headers stored by the browser.\n5. **Client-Side Safe Fetch Call:** The application initiates an explicit fetch request to the route with safety parameters: `{ redirect: \u0027error\u0027 }`.\n\n### Mitigations \u0026 Workarounds\nIf upgrading the `@angular/service-worker` package is not immediately feasible, developers should implement the following defensive measures:\n* **Avoid Public-to-Private Dynamic Redirection:** Refactor the server architecture so that public paths matched by service worker asset groups never issue HTTP 3xx redirects to authenticated same-origin secure endpoints.\n* **Strict Cookie Configuration:** Apply strict flags to session cookies (`SameSite=Strict; Secure; HttpOnly`) and consider explicit route isolations (such as subdomains) for credential-guarded private resources.\n* **Exclude Secure Endpoints from SW Config:** Verify your `ngsw-config.json` settings and ensure that patterns targeting dynamic, secure endpoints are explicitly excluded from automatic asset groups or caching scopes.\n\n### Patches\n- 22.0.0-rc.2\n- 21.2.15\n- 20.3.22\n- 19.2.23",
"id": "GHSA-gv2q-mqqv-365m",
"modified": "2026-06-15T16:44:21Z",
"published": "2026-06-15T16:44:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m"
},
{
"type": "WEB",
"url": "https://github.com/angular/angular/pull/67494"
},
{
"type": "PACKAGE",
"url": "https://github.com/angular/angular"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Angular Service Worker Policy-Bypass \u0026 Credential-Stripping Vulnerabilities"
}
WID-SEC-W-2026-1930
Vulnerability from csaf_certbund - Published: 2026-06-15 22:00 - Updated: 2026-06-15 22:00Summary
Angular: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Angular ist ein TypeScript-basiertes Front-End-Webapplikationsframework. Es ist eine Weiterentwicklung des JavaScript basierten AngularJS.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Angular ausnutzen, um erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, einen Denial-of-Service-Zustand herbeizuführen, Daten zu manipulieren oder offenzulegen, Benutzer auf bösartige Websites umzuleiten oder Sitzungen zu kapern.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
References
13 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Angular ist ein TypeScript-basiertes Front-End-Webapplikationsframework. Es ist eine Weiterentwicklung des JavaScript basierten AngularJS.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Angular ausnutzen, um erweiterte Berechtigungen zu erlangen, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Daten zu manipulieren oder offenzulegen, Benutzer auf b\u00f6sartige Websites umzuleiten oder Sitzungen zu kapern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1930 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1930.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1930 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1930"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-692r-grfm-v8x7 vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-692r-grfm-v8x7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-95qp-cmmw-mgqv vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-95qp-cmmw-mgqv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f3m7-gqxr-g87x vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-f3m7-gqxr-g87x"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gv2q-mqqv-365m vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-gv2q-mqqv-365m"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gxx4-3xcv-f8qx vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-gxx4-3xcv-f8qx"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-hqr9-c56f-3x7f vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-hqr9-c56f-3x7f"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p3vc-36g9-x9gr vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-p3vc-36g9-x9gr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-q6f4-qqrg-jv6x vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-q6f4-qqrg-jv6x"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qxh6-94w6-9r5p vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-qxh6-94w6-9r5p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rgjc-h3x7-9mwg vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-rgjc-h3x7-9mwg"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xrxm-cp7j-8xf6 vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-xrxm-cp7j-8xf6"
}
],
"source_lang": "en-US",
"title": "Angular: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-15T22:00:00.000+00:00",
"generator": {
"date": "2026-06-16T09:04:52.763+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1930",
"initial_release_date": "2026-06-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c22.0.1",
"product": {
"name": "Open Source Angular \u003c22.0.1",
"product_id": "T055406"
}
},
{
"category": "product_version",
"name": "22.0.1",
"product": {
"name": "Open Source Angular 22.0.1",
"product_id": "T055406-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:22.0.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c22.0.0-rc.2",
"product": {
"name": "Open Source Angular \u003c22.0.0-rc.2",
"product_id": "T055407"
}
},
{
"category": "product_version",
"name": "22.0.0-rc.2",
"product": {
"name": "Open Source Angular 22.0.0-rc.2",
"product_id": "T055407-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:22.0.0-rc.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c21.2.15",
"product": {
"name": "Open Source Angular \u003c21.2.15",
"product_id": "T055408"
}
},
{
"category": "product_version",
"name": "21.2.15",
"product": {
"name": "Open Source Angular 21.2.15",
"product_id": "T055408-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:21.2.15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.3.22",
"product": {
"name": "Open Source Angular \u003c20.3.22",
"product_id": "T055409"
}
},
{
"category": "product_version",
"name": "20.3.22",
"product": {
"name": "Open Source Angular 20.3.22",
"product_id": "T055409-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:20.3.22"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.2.23",
"product": {
"name": "Open Source Angular \u003c19.2.23",
"product_id": "T055410"
}
},
{
"category": "product_version",
"name": "19.2.23",
"product": {
"name": "Open Source Angular 19.2.23",
"product_id": "T055410-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:19.2.23"
}
}
},
{
"category": "product_version_range",
"name": "\u003c21.2.17",
"product": {
"name": "Open Source Angular \u003c21.2.17",
"product_id": "T055411"
}
},
{
"category": "product_version",
"name": "21.2.17",
"product": {
"name": "Open Source Angular 21.2.17",
"product_id": "T055411-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:21.2.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.3.25",
"product": {
"name": "Open Source Angular \u003c20.3.25",
"product_id": "T055412"
}
},
{
"category": "product_version",
"name": "20.3.25",
"product": {
"name": "Open Source Angular 20.3.25",
"product_id": "T055412-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:20.3.25"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.2.22",
"product": {
"name": "Open Source Angular \u003c19.2.22",
"product_id": "T055413"
}
},
{
"category": "product_version",
"name": "19.2.22",
"product": {
"name": "Open Source Angular 19.2.22",
"product_id": "T055413-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:19.2.22"
}
}
}
],
"category": "product_name",
"name": "Angular"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-50168",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50168"
},
{
"cve": "CVE-2026-50169",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50169"
},
{
"cve": "CVE-2026-50170",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50170"
},
{
"cve": "CVE-2026-50171",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50171"
},
{
"cve": "CVE-2026-50184",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50184"
},
{
"cve": "CVE-2026-50555",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50555"
},
{
"cve": "CVE-2026-50556",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50556"
},
{
"cve": "CVE-2026-50557",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50557"
},
{
"cve": "CVE-2026-52725",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-52725"
},
{
"cve": "CVE-2026-54264",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-54264"
},
{
"cve": "CVE-2026-54267",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-54267"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…