CVE-2026-50170— Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-50170
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
Source: NVD (National Vulnerability Database)
Vulnerability Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability was discovered in @angular/common when Server-Side Rendering (SSR) and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState. However, the caching mechanism fails to inspect the withCredentials flag or the Cookie header of outgoing requests. As a result, credentialed, user-specific responses may be cached by default in the shared TransferState payload. When these responses are serialized into the HTML, any caching layer (such as a CDN, reverse proxy, or shared server cache) that caches the SSR-rendered HTML page could inadvertently cache and leak one user's private data to other users, leading to a high-severity information disclosure vulnerability. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过缓存导致的信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-50170
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-50170
请登录查看更多情报信息。
Other References for CVE-2026-50170 (2)
Same Patch Batch · angular · 2026-06-22 · 17 CVEs total
| CVE-2026-52725 | Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (X | |
| CVE-2026-54265 | Angular: Two-Way Property Binding Sanitization Bypass (XSS) | |
| CVE-2026-54268 | Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate) | |
| CVE-2026-54266 | Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Dat | |
| CVE-2026-54264 | Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker | |
| CVE-2026-54267 | Angular Client Hydration DOM Clobbering & Response-Cache Poisoning | |
| CVE-2026-49241 | Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Cod | |
| CVE-2026-50171 | Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo) | |
| CVE-2026-50169 | Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities | |
| CVE-2026-50557 | Angular: Template and Attribute Namespace Sanitization Bypass (XSS) | |
| CVE-2026-50168 | Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Byp | |
| CVE-2026-50556 | Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scriptin | |
| CVE-2026-50555 | Angular: Improper Neutralization of Input During Web Page Generation ('Cross-site Scriptin | |
| CVE-2026-50184 | Angular: Request Credential & Cache Policy Stripping in Angular Service Worker | |
| CVE-2026-50178 | Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Langua | |
| CVE-2026-46417 | Angular: SSRF via Hostname Hijacking in @angular/platform-server |
IV. Related Vulnerabilities
Same product: angular
- CVE-2026-50171
Angular: Denial of Service (DoS) via OOM in Number Formattin - CVE-2026-50184
Angular: Request Credential & Cache Policy Stripping in Angu - CVE-2026-50169
Angular Service Worker Policy-Bypass & Credential-Stripping - CVE-2026-46417
Angular: SSRF via Hostname Hijacking in @angular/platform-se - CVE-2026-50168
Angular: URL Parser Differential in @angular/platform-server
Same vendor: angular
- CVE-2026-50171
Angular: Denial of Service (DoS) via OOM in Number Formattin - CVE-2026-50184
Angular: Request Credential & Cache Policy Stripping in Angu - CVE-2026-50169
Angular Service Worker Policy-Bypass & Credential-Stripping - CVE-2026-46417
Angular: SSRF via Hostname Hijacking in @angular/platform-se - CVE-2026-50168
Angular: URL Parser Differential in @angular/platform-server
Same weakness: CWE-524
- CVE-2026-53943
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-pre - CVE-2026-9678
undici vulnerable to cross-user information disclosure via s - CVE-2026-47225
Improper Search Cache Isolation for Scoped Search API Keys i - CVE-2026-41841
Spring Framework Information Disclosure via Static Resource - CVE-2026-35193
Potential exposure of private data via missing Vary: Authori
V. Comments for CVE-2026-50170
No comments yet