8.2

CVE-2026-50170

Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability was discovered in @angular/common when Server-Side Rendering (SSR) and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState. However, the caching mechanism fails to inspect the withCredentials flag or the Cookie header of outgoing requests. As a result, credentialed, user-specific responses may be cached by default in the shared TransferState payload. When these responses are serialized into the HTML, any caching layer (such as a CDN, reverse proxy, or shared server cache) that caches the SSR-rendered HTML page could inadvertently cache and leak one user's private data to other users, leading to a high-severity information disclosure vulnerability. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AngularAngular SwPlatformnode.js Version <= 18.2.14
AngularAngular SwPlatformnode.js Version >= 19.0.0 < 19.2.23
AngularAngular SwPlatformnode.js Version >= 20.0.0 < 20.3.22
AngularAngular SwPlatformnode.js Version >= 21.0.0 < 21.2.15
AngularAngular Version22.0.0 Updatenext0 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext1 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext10 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext11 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext12 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext2 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext3 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext4 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext5 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext6 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext7 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext8 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext9 SwPlatformnode.js
AngularAngular Version22.0.0 Updaterc0 SwPlatformnode.js
AngularAngular Version22.0.0 Updaterc1 SwPlatformnode.js
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.184
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com 8.2 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-524 Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

https://github.com/angular/angular/pull/67964
Patch
Issue Tracking
https://github.com/angular/angular/security/advisories/GHSA-q6f4-qqrg-jv6x
Third Party Advisory