CVE-2026-41468— Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41468
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用未维护的第三方组件
Source: NVD (National Vulnerability Database)
Vulnerability Title
Beghelli Sicuro24 SicuroWeb 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Beghelli Sicuro24 SicuroWeb是意大利Beghelli公司的一个远程安防监控与报警管理平台。 Beghelli Sicuro24 SicuroWeb存在安全漏洞,该漏洞源于嵌入包含已知沙箱逃逸原语的AngularJS 1.5.2,结合模板注入,可能导致攻击者逃逸AngularJS沙箱并执行任意JavaScript代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Beghelli | SicuroWeb (Sicuro24) | 0 | - |
II. Public POCs for CVE-2026-41468
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41468
请登录查看更多情报信息。
- CVE-2026-22191 / CVE-2026-41468 / CVE-2026-41469: AngularJS Exploit Chain to Client-Side RCE -- BOSStechnical-descriptionexploit
- https://nvd.nist.gov/vuln/detail/CVE-2026-41468
IV. Related Vulnerabilities
Same weakness: CWE-1104
- CVE-2026-21821
HCL BigFix SCM Reporting is affected by vulnerabilities in j - CVE-2025-55277
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdate - CVE-2025-12104
Incorrect Content-Type Header - CVE-2025-52658
HCL MyXalytics is affected by the use of vulnerable/outdated - CVE-2025-34192
Vasion Print (formerly PrinterLogic) Usage of Outdated and U
V. Comments for CVE-2026-41468
No comments yet