6.1

CVE-2026-50557

Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute sanitization/validation through specific namespace workarounds. Specifically, namespaced script elements (e.g., <svg:script> or <:svg:script>) were not properly identified as script elements by the Angular template preparser, allowing them to pass through template compilation without being stripped. Furthermore, security context schema mappings for element attributes did not consistently handle attributes within namespaced elements (like SVG and MathML), opening up gaps where malicious namespaced attributes could bypass runtime and compile-time sanitizers. Combined, these flaws enable an attacker who can inject or supply a template/tag structure with custom namespaces to bypass Angular's script-stripping logic and attribute sanitizers, leading to client-side Cross-Site Scripting (XSS). This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AngularAngular SwPlatformnode.js Version <= 18.2.14
AngularAngular SwPlatformnode.js Version >= 19.0.0 < 19.2.22
AngularAngular SwPlatformnode.js Version >= 20.0.0 < 20.3.22
AngularAngular SwPlatformnode.js Version >= 21.0.0 < 21.2.15
AngularAngular Version22.0.0 Updatenext0 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext1 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext10 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext11 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext12 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext2 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext3 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext4 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext5 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext6 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext7 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext8 SwPlatformnode.js
AngularAngular Version22.0.0 Updatenext9 SwPlatformnode.js
AngularAngular Version22.0.0 Updaterc0 SwPlatformnode.js
AngularAngular Version22.0.0 Updaterc1 SwPlatformnode.js
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.107
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com 5.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/angular/angular/pull/68689
Patch
Issue Tracking
https://github.com/angular/angular/pull/68868
Issue Tracking
https://github.com/angular/angular/security/advisories/GHSA-f3m7-gqxr-g87x
Third Party Advisory