Browse all 11 CVE security advisories affecting angular. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Angular is a TypeScript-based web application framework primarily used for building single-page applications and dynamic user interfaces. Historically, it has been susceptible to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. While Angular's built-in security features like DOM sanitization help mitigate risks, developers must still implement proper security practices. Notable incidents include CVE-2021-38540, which allowed RCE through template injection, and CVE-2022-41715, an XSS flaw in the Angular CLI. The framework's complexity and extensive third-party ecosystem contribute to its vulnerability landscape, requiring ongoing vigilance from development teams.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41423 | Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server — angularCWE-918 | 9.1AI | CriticalAI | 2026-05-08 |
| CVE-2026-27970 | Angular i18n vulnerable to Cross-Site Scripting (XSS) — angularCWE-79 | 6.1AI | MediumAI | 2026-02-26 |
| CVE-2026-22610 | Angular has XSS Vulnerability via Unsanitized SVG Script Attributes — angularCWE-79 | 6.1 | - | 2026-01-10 |
| CVE-2025-66412 | Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes — angularCWE-79 | 6.1AI | MediumAI | 2025-12-01 |
| CVE-2025-66035 | Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs — angularCWE-201 | 6.5AI | MediumAI | 2025-11-26 |
| CVE-2025-59052 | Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage — angularCWE-362 | 5.9AI | MediumAI | 2025-09-10 |
This page lists every published CVE security advisory associated with angular. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.