Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for angular_cli by angular
CVE-2026-33397 (GCVE-0-2026-33397)
Vulnerability from nvd – Published: 2026-03-26 13:46 – Updated: 2026-03-30 14:56
VLAI?
Title
Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass
Summary
The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in `@angular/ssr` due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes (e.g., `///`), the internal validation logic fails to account for a single backslash (`\`) bypass. When an Angular SSR application is deployed behind a proxy that passes the `X-Forwarded-Prefix` header, an attacker provides a value starting with a single backslash, the internal validation failed to flag the single backslash as invalid, the application prepends a leading forward slash, resulting in a `Location` header containing the URL, and modern browsers interpret the `/\` sequence as `//`, treating it as a protocol-relative URL and redirecting the user to the attacker-controlled domain. Furthermore, the response lacks the `Vary: X-Forwarded-Prefix` header, allowing the malicious redirect to be stored in intermediate caches (Web Cache Poisoning). Versions 22.0.0-next.2, 21.2.3, and 20.3.21 contain a patch. Until the patch is applied, developers should sanitize the `X-Forwarded-Prefix` header in their `server.ts` before the Angular engine processes the request.
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| angular | angular-cli |
Affected:
>= 22.0.0-next.0, < 22.0.0-next.2
Affected: >= 21.0.0-next.0, < 21.2.3 Affected: >= 20.0.0-next.0, < 20.3.21 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T13:54:22.310595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T14:56:05.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "angular-cli",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-next.2"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.3"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in `@angular/ssr` due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes (e.g., `///`), the internal validation logic fails to account for a single backslash (`\\`) bypass. When an Angular SSR application is deployed behind a proxy that passes the `X-Forwarded-Prefix` header, an attacker provides a value starting with a single backslash, the internal validation failed to flag the single backslash as invalid, the application prepends a leading forward slash, resulting in a `Location` header containing the URL, and modern browsers interpret the `/\\` sequence as `//`, treating it as a protocol-relative URL and redirecting the user to the attacker-controlled domain. Furthermore, the response lacks the `Vary: X-Forwarded-Prefix` header, allowing the malicious redirect to be stored in intermediate caches (Web Cache Poisoning). Versions 22.0.0-next.2, 21.2.3, and 20.3.21 contain a patch. Until the patch is applied, developers should sanitize the `X-Forwarded-Prefix` header in their `server.ts` before the Angular engine processes the request."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T13:46:16.145Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular-cli/security/advisories/GHSA-vfx2-hv2g-xj5f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular-cli/security/advisories/GHSA-vfx2-hv2g-xj5f"
},
{
"name": "https://github.com/angular/angular-cli/pull/32771",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular-cli/pull/32771"
},
{
"name": "https://github.com/advisories/GHSA-xh43-g2fq-wjrj",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-xh43-g2fq-wjrj"
}
],
"source": {
"advisory": "GHSA-vfx2-hv2g-xj5f",
"discovery": "UNKNOWN"
},
"title": "Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33397",
"datePublished": "2026-03-26T13:46:16.145Z",
"dateReserved": "2026-03-19T17:02:34.169Z",
"dateUpdated": "2026-03-30T14:56:05.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32635 (GCVE-0-2026-32635)
Vulnerability from nvd – Published: 2026-03-13 20:58 – Updated: 2026-03-17 03:55
VLAI?
Title
Angular has XSS in i18n attribute bindings
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-<attribute> name bypasses Angular's built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T03:55:33.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "compiler",
"vendor": "@angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-next.3"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.4"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.18"
},
{
"status": "affected",
"version": "\u003e= 17.0.0.next.0, \u003c 19.2.20"
}
]
},
{
"product": "core",
"vendor": "@angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-next.3"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.4"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.18"
},
{
"status": "affected",
"version": "\u003e= 17.0.0.next.0, \u003c 19.2.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular\u0027s ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-\u003cattribute\u003e name bypasses Angular\u0027s built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T20:58:12.554Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222"
},
{
"name": "https://github.com/angular/angular/pull/67541",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/pull/67541"
},
{
"name": "https://github.com/angular/angular/pull/67561",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/pull/67561"
}
],
"source": {
"advisory": "GHSA-g93w-mfhg-p222",
"discovery": "UNKNOWN"
},
"title": "Angular has XSS in i18n attribute bindings"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32635",
"datePublished": "2026-03-13T20:58:12.554Z",
"dateReserved": "2026-03-12T15:29:36.559Z",
"dateUpdated": "2026-03-17T03:55:33.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33397 (GCVE-0-2026-33397)
Vulnerability from cvelistv5 – Published: 2026-03-26 13:46 – Updated: 2026-03-30 14:56
VLAI?
Title
Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass
Summary
The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in `@angular/ssr` due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes (e.g., `///`), the internal validation logic fails to account for a single backslash (`\`) bypass. When an Angular SSR application is deployed behind a proxy that passes the `X-Forwarded-Prefix` header, an attacker provides a value starting with a single backslash, the internal validation failed to flag the single backslash as invalid, the application prepends a leading forward slash, resulting in a `Location` header containing the URL, and modern browsers interpret the `/\` sequence as `//`, treating it as a protocol-relative URL and redirecting the user to the attacker-controlled domain. Furthermore, the response lacks the `Vary: X-Forwarded-Prefix` header, allowing the malicious redirect to be stored in intermediate caches (Web Cache Poisoning). Versions 22.0.0-next.2, 21.2.3, and 20.3.21 contain a patch. Until the patch is applied, developers should sanitize the `X-Forwarded-Prefix` header in their `server.ts` before the Angular engine processes the request.
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| angular | angular-cli |
Affected:
>= 22.0.0-next.0, < 22.0.0-next.2
Affected: >= 21.0.0-next.0, < 21.2.3 Affected: >= 20.0.0-next.0, < 20.3.21 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T13:54:22.310595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T14:56:05.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "angular-cli",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-next.2"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.3"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in `@angular/ssr` due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes (e.g., `///`), the internal validation logic fails to account for a single backslash (`\\`) bypass. When an Angular SSR application is deployed behind a proxy that passes the `X-Forwarded-Prefix` header, an attacker provides a value starting with a single backslash, the internal validation failed to flag the single backslash as invalid, the application prepends a leading forward slash, resulting in a `Location` header containing the URL, and modern browsers interpret the `/\\` sequence as `//`, treating it as a protocol-relative URL and redirecting the user to the attacker-controlled domain. Furthermore, the response lacks the `Vary: X-Forwarded-Prefix` header, allowing the malicious redirect to be stored in intermediate caches (Web Cache Poisoning). Versions 22.0.0-next.2, 21.2.3, and 20.3.21 contain a patch. Until the patch is applied, developers should sanitize the `X-Forwarded-Prefix` header in their `server.ts` before the Angular engine processes the request."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T13:46:16.145Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular-cli/security/advisories/GHSA-vfx2-hv2g-xj5f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular-cli/security/advisories/GHSA-vfx2-hv2g-xj5f"
},
{
"name": "https://github.com/angular/angular-cli/pull/32771",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular-cli/pull/32771"
},
{
"name": "https://github.com/advisories/GHSA-xh43-g2fq-wjrj",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-xh43-g2fq-wjrj"
}
],
"source": {
"advisory": "GHSA-vfx2-hv2g-xj5f",
"discovery": "UNKNOWN"
},
"title": "Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33397",
"datePublished": "2026-03-26T13:46:16.145Z",
"dateReserved": "2026-03-19T17:02:34.169Z",
"dateUpdated": "2026-03-30T14:56:05.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32635 (GCVE-0-2026-32635)
Vulnerability from cvelistv5 – Published: 2026-03-13 20:58 – Updated: 2026-03-17 03:55
VLAI?
Title
Angular has XSS in i18n attribute bindings
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-<attribute> name bypasses Angular's built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T03:55:33.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "compiler",
"vendor": "@angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-next.3"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.4"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.18"
},
{
"status": "affected",
"version": "\u003e= 17.0.0.next.0, \u003c 19.2.20"
}
]
},
{
"product": "core",
"vendor": "@angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-next.0, \u003c 22.0.0-next.3"
},
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.2.4"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.18"
},
{
"status": "affected",
"version": "\u003e= 17.0.0.next.0, \u003c 19.2.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular\u0027s ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-\u003cattribute\u003e name bypasses Angular\u0027s built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T20:58:12.554Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222"
},
{
"name": "https://github.com/angular/angular/pull/67541",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/pull/67541"
},
{
"name": "https://github.com/angular/angular/pull/67561",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/pull/67561"
}
],
"source": {
"advisory": "GHSA-g93w-mfhg-p222",
"discovery": "UNKNOWN"
},
"title": "Angular has XSS in i18n attribute bindings"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32635",
"datePublished": "2026-03-13T20:58:12.554Z",
"dateReserved": "2026-03-12T15:29:36.559Z",
"dateUpdated": "2026-03-17T03:55:33.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}