Browse all 10 CVE security advisories affecting angular. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Angular is a TypeScript-based web application framework primarily used for building single-page applications and dynamic user interfaces. Historically, it has been susceptible to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. While Angular's built-in security features like DOM sanitization help mitigate risks, developers must still implement proper security practices. Notable incidents include CVE-2021-38540, which allowed RCE through template injection, and CVE-2022-41715, an XSS flaw in the Angular CLI. The framework's complexity and extensive third-party ecosystem contribute to its vulnerability landscape, requiring ongoing vigilance from development teams.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33397 | Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass — angular-cliCWE-601 | 6.1 | - | 2026-03-26 |
| CVE-2026-27739 | Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline — angular-cliCWE-918 | 9.8AI | CriticalAI | 2026-02-25 |
| CVE-2026-27738 | Angular SSR has an Open Redirect via X-Forwarded-Prefix — angular-cliCWE-601 | 6.1AI | MediumAI | 2026-02-25 |
| CVE-2025-62427 | Server-Side Request Forgery (SSRF) in Angular SSR — angular-cliCWE-918 | 9.1AI | CriticalAI | 2025-10-16 |
This page lists every published CVE security advisory associated with angular. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.