6.1

CVE-2026-50169

Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During this reconstruction process, the helper function strips the strict, client-defined request redirect policy configuration (such as redirect: 'error'), falling back to the browser's default 'follow' strategy. If the target web application makes client-side requests with a strict policy (e.g., expecting a network error instead of automatically following redirects), the service worker will bypass this instruction and automatically follow HTTP 3xx redirects to other destinations. This acts as an unintended proxy/intermediary ("Confused Deputy") and can result in cookie/credential exposure or same-origin session-restricted data leakage if public dynamic routes redirect to sensitive routes. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AngularAngular SwPlatformnode.js Version <= 18.2.14
AngularAngular SwPlatformnode.js Version >= 19.0.0 < 19.2.23
AngularAngular SwPlatformnode.js Version >= 20.0.0 < 20.3.22
AngularAngular SwPlatformnode.js Version >= 21.0.0 < 21.2.15
AngularAngular Version22.0.0 Updatenext0 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext1 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext10 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext11 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext12 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext2 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext3 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext4 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext5 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext6 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext7 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext8 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext9 SwPlatformnode.js
AngularAngular Version22.0.0 Updaterc0 SwPlatformnode.js
AngularAngular Version22.0.0 Updaterc1 SwPlatformnode.js
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com 5.7 0 0
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

CWE-524 Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

https://github.com/angular/angular/pull/67494
Patch
Issue Tracking
https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m
Third Party Advisory