FKIE_CVE-2026-54264

Vulnerability from fkie_nvd - Published: 2026-06-22 16:16 - Updated: 2026-06-26 19:30
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata (such as headers) from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive headers, violating the Fetch redirect algorithm. This allows a remote attacker to obtain sensitive credentials (e.g., Authorization tokens, Proxy-Authorization credentials, or session cookies) by triggering a cross-origin redirect to an untrusted external origin. This vulnerability is fixed in 22.0.1, 21.2.17, and 20.3.25.
References
security-advisories@github.comhttps://github.com/angular/angular/commit/47d68dcb26266316647133ab6385e77fc3e5ae08Patch
security-advisories@github.comhttps://github.com/angular/angular/pull/69029Issue Tracking, Patch
security-advisories@github.comhttps://github.com/angular/angular/security/advisories/GHSA-qxh6-94w6-9r5pThird Party Advisory
Impacted products
Vendor Product Version
angularjs angularjs *
angularjs angularjs *
angularjs angularjs *
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
angularjs angularjs 22.0.0
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "angular",
          "vendor": "angular",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 22.0.0-next.0 \u003c 22.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0.0-next.0 \u003c 21.2.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0.0-next.0 \u003c 20.3.25"
            },
            {
              "status": "affected",
              "version": "\u003c= 19.2.25"
            }
          ]
        }
      ],
      "source": "security-advisories@github.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D644738B-D0F5-42F8-A1E2-C1335B20AE22",
              "versionEndIncluding": "19.2.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48DC038-6AC5-410D-BCE0-49FF58A9C79C",
              "versionEndExcluding": "20.3.25",
              "versionStartIncluding": "20.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B61B3E3-E68F-47D2-8EAE-2B18631590B0",
              "versionEndExcluding": "21.2.17",
              "versionStartIncluding": "21.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next0:*:*:*:*:*:*",
              "matchCriteriaId": "3CAB422E-FCB2-4AD0-8C6F-90F8DDCF046B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next1:*:*:*:*:*:*",
              "matchCriteriaId": "E3F939B4-3291-4AC7-B8A0-437981B44A15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next10:*:*:*:*:*:*",
              "matchCriteriaId": "5EF3D989-611A-4794-BF55-18E32CD6A37C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next11:*:*:*:*:*:*",
              "matchCriteriaId": "2D66CF2E-7578-41ED-8714-4BB4124E1BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next12:*:*:*:*:*:*",
              "matchCriteriaId": "45E0B5CB-3D0D-4E94-B5B5-DA44868AFC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next2:*:*:*:*:*:*",
              "matchCriteriaId": "DE5BE0D4-C971-4BDE-9208-A804D4D0F499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next3:*:*:*:*:*:*",
              "matchCriteriaId": "2E2939BC-2B96-421F-9A92-213FC8E69958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next4:*:*:*:*:*:*",
              "matchCriteriaId": "A6334AFE-E843-4DD0-8118-B843BB54D62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next5:*:*:*:*:*:*",
              "matchCriteriaId": "9B7E0ECF-91DD-4F4A-B1A4-66A3380E0D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next6:*:*:*:*:*:*",
              "matchCriteriaId": "8AA37933-9C41-4B5D-BB35-FC8BAD3FBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next7:*:*:*:*:*:*",
              "matchCriteriaId": "FD03563D-4DAC-4C3A-A89B-277C2109BC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next8:*:*:*:*:*:*",
              "matchCriteriaId": "C42CDCDD-BCAF-4F2F-8A0D-703431BDA3AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:next9:*:*:*:*:*:*",
              "matchCriteriaId": "07E4BC13-3946-4756-A10F-8DBDC812553C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "B2AA884A-730A-45C6-83FE-104E9FD358EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6EA55F1C-F490-4E2F-9E93-5FF1C31FC78F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "83DB751D-E29B-4A3A-AA30-8BD6312700C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:22.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "42DC4414-7737-4BE9-9DE9-9FCB60BFF6F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata (such as headers) from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive headers, violating the Fetch redirect algorithm. This allows a remote attacker to obtain sensitive credentials (e.g., Authorization tokens, Proxy-Authorization credentials, or session cookies) by triggering a cross-origin redirect to an untrusted external origin. This vulnerability is fixed in 22.0.1, 21.2.17, and 20.3.25."
    }
  ],
  "id": "CVE-2026-54264",
  "lastModified": "2026-06-26T19:30:57.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "NONE",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-54264",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-06-23T13:46:15.588316Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-06-22T16:16:39.057",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/angular/angular/commit/47d68dcb26266316647133ab6385e77fc3e5ae08"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/angular/angular/pull/69029"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/angular/angular/security/advisories/GHSA-qxh6-94w6-9r5p"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-359"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.