Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-50170 (GCVE-0-2026-50170)
Vulnerability from cvelistv5 – Published: 2026-06-22 15:39 – Updated: 2026-06-22 16:01
VLAI
EPSS
Title
Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability was discovered in @angular/common when Server-Side Rendering (SSR) and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState. However, the caching mechanism fails to inspect the withCredentials flag or the Cookie header of outgoing requests. As a result, credentialed, user-specific responses may be cached by default in the shared TransferState payload. When these responses are serialized into the HTML, any caching layer (such as a CDN, reverse proxy, or shared server cache) that caches the SSR-rendered HTML page could inadvertently cache and leak one user's private data to other users, leading to a high-severity information disclosure vulnerability. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23.
Severity
CWE
- CWE-524 - Use of Cache Containing Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/angular/angular/security/advis… | x_refsource_CONFIRM |
| https://github.com/angular/angular/pull/67964 | x_refsource_MISC |
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "angular",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-rc.2"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.15"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.22"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-next.0, \u003c 19.2.23"
},
{
"status": "affected",
"version": "\u003c= 18.2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability was discovered in @angular/common when Server-Side Rendering (SSR) and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState. However, the caching mechanism fails to inspect the withCredentials flag or the Cookie header of outgoing requests. As a result, credentialed, user-specific responses may be cached by default in the shared TransferState payload. When these responses are serialized into the HTML, any caching layer (such as a CDN, reverse proxy, or shared server cache) that caches the SSR-rendered HTML page could inadvertently cache and leak one user\u0027s private data to other users, leading to a high-severity information disclosure vulnerability. This vulnerability is fixed in 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524: Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:01:17.572Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular/security/advisories/GHSA-q6f4-qqrg-jv6x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-q6f4-qqrg-jv6x"
},
{
"name": "https://github.com/angular/angular/pull/67964",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/pull/67964"
}
],
"source": {
"advisory": "GHSA-q6f4-qqrg-jv6x",
"discovery": "UNKNOWN"
},
"title": "Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50170",
"datePublished": "2026-06-22T15:39:08.877Z",
"dateReserved": "2026-06-03T20:54:20.433Z",
"dateUpdated": "2026-06-22T16:01:17.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-50170",
"date": "2026-06-14",
"epss": "0.0009",
"percentile": "0.25773"
}
}
}
GHSA-Q6F4-QQRG-JV6X
Vulnerability from github – Published: 2026-06-15 16:51 – Updated: 2026-06-15 16:51
VLAI
Summary
@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
Details
A vulnerability was discovered in @angular/common when Server-Side Rendering (SSR) and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState.
However, the caching mechanism fails to inspect the withCredentials flag or the Cookie header of outgoing requests. As a result, credentialed, user-specific responses may be cached by default in the shared TransferState payload. When these responses are serialized into the HTML, any caching layer (such as a CDN, reverse proxy, or shared server cache) that caches the SSR-rendered HTML page could inadvertently cache and leak one user's private data to other users, leading to a high-severity information disclosure vulnerability.
Impact
Successful exploitation allows an unauthenticated attacker to obtain sensitive, user-specific information of other authenticated users. This occurs when:
- The SSR-rendered HTML containing the cached private data is stored in a shared cache (e.g., CDN, reverse proxy).
- Subsequent requests for the same page receive the cached HTML containing the first user's private data.
Attack Preconditions
- SSR and Hydration Enabled: The Angular application must be configured to use Server-Side Rendering and hydration (e.g., using
provideClientHydration()). - Credentialed Requests during SSR: The application must perform HTTP requests that require user-specific authentication (using cookies or
withCredentials: true) during the initial server-side render. - Shared Caching: The application's HTML responses must be cached by a shared caching layer (CDN, reverse proxy, or server-side cache) without proper cache-control headers to distinguish authenticated users.
Patches
- 22.0.0-rc.2
- 21.2.15
- 20.3.22
- 19.2.23
Severity
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@angular/common"
},
"ranges": [
{
"events": [
{
"introduced": "22.0.0-next.0"
},
{
"fixed": "22.0.0-rc.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/common"
},
"ranges": [
{
"events": [
{
"introduced": "20.0.0-next.0"
},
{
"fixed": "20.3.22"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/common"
},
"ranges": [
{
"events": [
{
"introduced": "19.0.0-next.0"
},
{
"fixed": "19.2.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.2.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@angular/common"
},
"ranges": [
{
"events": [
{
"introduced": "21.0.0-next.0"
},
{
"fixed": "21.2.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50170"
],
"database_specific": {
"cwe_ids": [
"CWE-524"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T16:51:53Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A vulnerability was discovered in `@angular/common` when Server-Side Rendering (SSR) and hydration are enabled. The `HttpTransferCache` utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via `TransferState`.\n\nHowever, the caching mechanism fails to inspect the `withCredentials` flag or the `Cookie` header of outgoing requests. As a result, credentialed, user-specific responses may be cached by default in the shared `TransferState` payload. When these responses are serialized into the HTML, any caching layer (such as a CDN, reverse proxy, or shared server cache) that caches the SSR-rendered HTML page could inadvertently cache and leak one user\u0027s private data to other users, leading to a high-severity information disclosure vulnerability.\n\n### Impact\n\nSuccessful exploitation allows an unauthenticated attacker to obtain sensitive, user-specific information of other authenticated users. This occurs when:\n\n* The SSR-rendered HTML containing the cached private data is stored in a shared cache (e.g., CDN, reverse proxy). \n* Subsequent requests for the same page receive the cached HTML containing the first user\u0027s private data.\n\n### Attack Preconditions\n\n* **SSR and Hydration Enabled:** The Angular application must be configured to use Server-Side Rendering and hydration (e.g., using `provideClientHydration()`). \n* **Credentialed Requests during SSR:** The application must perform HTTP requests that require user-specific authentication (using cookies or `withCredentials: true`) during the initial server-side render. \n* **Shared Caching:** The application\u0027s HTML responses must be cached by a shared caching layer (CDN, reverse proxy, or server-side cache) without proper cache-control headers to distinguish authenticated users.\n\n### Patches\n- 22.0.0-rc.2\n- 21.2.15\n- 20.3.22\n- 19.2.23",
"id": "GHSA-q6f4-qqrg-jv6x",
"modified": "2026-06-15T16:51:53Z",
"published": "2026-06-15T16:51:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/angular/angular/security/advisories/GHSA-q6f4-qqrg-jv6x"
},
{
"type": "WEB",
"url": "https://github.com/angular/angular/pull/67964"
},
{
"type": "PACKAGE",
"url": "https://github.com/angular/angular"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache"
}
WID-SEC-W-2026-1930
Vulnerability from csaf_certbund - Published: 2026-06-15 22:00 - Updated: 2026-06-15 22:00Summary
Angular: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Angular ist ein TypeScript-basiertes Front-End-Webapplikationsframework. Es ist eine Weiterentwicklung des JavaScript basierten AngularJS.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Angular ausnutzen, um erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, einen Denial-of-Service-Zustand herbeizuführen, Daten zu manipulieren oder offenzulegen, Benutzer auf bösartige Websites umzuleiten oder Sitzungen zu kapern.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Angular <19.2.23
Open Source / Angular
|
<19.2.23 | ||
|
Open Source Angular <20.3.22
Open Source / Angular
|
<20.3.22 | ||
|
Open Source Angular <21.2.15
Open Source / Angular
|
<21.2.15 | ||
|
Open Source Angular <22.0.0-rc.2
Open Source / Angular
|
<22.0.0-rc.2 | ||
|
Open Source Angular <22.0.1
Open Source / Angular
|
<22.0.1 | ||
|
Open Source Angular <19.2.22
Open Source / Angular
|
<19.2.22 | ||
|
Open Source Angular <20.3.25
Open Source / Angular
|
<20.3.25 | ||
|
Open Source Angular <21.2.17
Open Source / Angular
|
<21.2.17 |
References
13 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Angular ist ein TypeScript-basiertes Front-End-Webapplikationsframework. Es ist eine Weiterentwicklung des JavaScript basierten AngularJS.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Angular ausnutzen, um erweiterte Berechtigungen zu erlangen, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Daten zu manipulieren oder offenzulegen, Benutzer auf b\u00f6sartige Websites umzuleiten oder Sitzungen zu kapern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1930 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1930.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1930 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1930"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-692r-grfm-v8x7 vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-692r-grfm-v8x7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-95qp-cmmw-mgqv vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-95qp-cmmw-mgqv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f3m7-gqxr-g87x vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-f3m7-gqxr-g87x"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gv2q-mqqv-365m vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-gv2q-mqqv-365m"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gxx4-3xcv-f8qx vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-gxx4-3xcv-f8qx"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-hqr9-c56f-3x7f vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-hqr9-c56f-3x7f"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p3vc-36g9-x9gr vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-p3vc-36g9-x9gr"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-q6f4-qqrg-jv6x vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-q6f4-qqrg-jv6x"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qxh6-94w6-9r5p vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-qxh6-94w6-9r5p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rgjc-h3x7-9mwg vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-rgjc-h3x7-9mwg"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xrxm-cp7j-8xf6 vom 2026-06-15",
"url": "https://github.com/advisories/GHSA-xrxm-cp7j-8xf6"
}
],
"source_lang": "en-US",
"title": "Angular: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-15T22:00:00.000+00:00",
"generator": {
"date": "2026-06-16T09:04:52.763+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1930",
"initial_release_date": "2026-06-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c22.0.1",
"product": {
"name": "Open Source Angular \u003c22.0.1",
"product_id": "T055406"
}
},
{
"category": "product_version",
"name": "22.0.1",
"product": {
"name": "Open Source Angular 22.0.1",
"product_id": "T055406-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:22.0.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c22.0.0-rc.2",
"product": {
"name": "Open Source Angular \u003c22.0.0-rc.2",
"product_id": "T055407"
}
},
{
"category": "product_version",
"name": "22.0.0-rc.2",
"product": {
"name": "Open Source Angular 22.0.0-rc.2",
"product_id": "T055407-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:22.0.0-rc.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c21.2.15",
"product": {
"name": "Open Source Angular \u003c21.2.15",
"product_id": "T055408"
}
},
{
"category": "product_version",
"name": "21.2.15",
"product": {
"name": "Open Source Angular 21.2.15",
"product_id": "T055408-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:21.2.15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.3.22",
"product": {
"name": "Open Source Angular \u003c20.3.22",
"product_id": "T055409"
}
},
{
"category": "product_version",
"name": "20.3.22",
"product": {
"name": "Open Source Angular 20.3.22",
"product_id": "T055409-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:20.3.22"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.2.23",
"product": {
"name": "Open Source Angular \u003c19.2.23",
"product_id": "T055410"
}
},
{
"category": "product_version",
"name": "19.2.23",
"product": {
"name": "Open Source Angular 19.2.23",
"product_id": "T055410-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:19.2.23"
}
}
},
{
"category": "product_version_range",
"name": "\u003c21.2.17",
"product": {
"name": "Open Source Angular \u003c21.2.17",
"product_id": "T055411"
}
},
{
"category": "product_version",
"name": "21.2.17",
"product": {
"name": "Open Source Angular 21.2.17",
"product_id": "T055411-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:21.2.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.3.25",
"product": {
"name": "Open Source Angular \u003c20.3.25",
"product_id": "T055412"
}
},
{
"category": "product_version",
"name": "20.3.25",
"product": {
"name": "Open Source Angular 20.3.25",
"product_id": "T055412-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:20.3.25"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.2.22",
"product": {
"name": "Open Source Angular \u003c19.2.22",
"product_id": "T055413"
}
},
{
"category": "product_version",
"name": "19.2.22",
"product": {
"name": "Open Source Angular 19.2.22",
"product_id": "T055413-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:angular:angular:19.2.22"
}
}
}
],
"category": "product_name",
"name": "Angular"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-50168",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50168"
},
{
"cve": "CVE-2026-50169",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50169"
},
{
"cve": "CVE-2026-50170",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50170"
},
{
"cve": "CVE-2026-50171",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50171"
},
{
"cve": "CVE-2026-50184",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50184"
},
{
"cve": "CVE-2026-50555",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50555"
},
{
"cve": "CVE-2026-50556",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50556"
},
{
"cve": "CVE-2026-50557",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-50557"
},
{
"cve": "CVE-2026-52725",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-52725"
},
{
"cve": "CVE-2026-54264",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-54264"
},
{
"cve": "CVE-2026-54267",
"product_status": {
"known_affected": [
"T055410",
"T055409",
"T055408",
"T055407",
"T055406",
"T055413",
"T055412",
"T055411"
]
},
"release_date": "2026-06-15T22:00:00.000+00:00",
"title": "CVE-2026-54267"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…