
cpe:2.3:a:angular:angular_cli:22.0.0:next1:*:*:*:node.js:*:*

Part: a; Version: 22.0.0; Update: next1

Vendor: Angular (d8cfb05c-218e-5baa-85be-4cd660bbc13e)
Product: Angular Cli (8d0182e8-4fa5-5e50-ba87-f19d0a596824)
Edition: *
Language: *
Software edition: *
Target software: node.js
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:github/angular/angular-cli
Source: purl2cpe
Last updated: 2026-06-01 10:15:51.352163

Vulnerability references

Identifier: CVE-2026-33397
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:59:09.864682
db.gcve.eu details / Rationale: Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

Angular SSR is a server-side rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in `@angular/ssr` due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes (e.g., `///`), the internal validation logic fails to account for a single backslash (`\`) bypass. When an Angular SSR application is deployed behind a proxy that passes the `X-Forwarded-Prefix` header and an attacker supplies a value starting with a single backslash, the internal validation does not flag the backslash as invalid, and the application prepends a leading forward slash. The resulting `Location` header therefore begins with `/\`, which modern browsers interpret as `//`, treating it as a protocol-relative URL and redirecting the user to the attacker-controlled domain. Furthermore, the response lacks the `Vary: X-Forwarded-Prefix` header, allowing the malicious redirect to be stored in intermediate caches (Web Cache Poisoning). Versions 22.0.0-next.2, 21.2.3, and 20.3.21 contain a patch. Until the patch is applied, developers should sanitize the `X-Forwarded-Prefix` header in their `server.ts` before the Angular engine processes the request.
Published: 2026-03-26T13:46:16.145Z
Updated: 2026-03-30T14:56:05.822Z
Reference links
Imported from gcve-enriched-dumps CVE data
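The interim mitigation the advisory recommends (sanitizing `X-Forwarded-Prefix` in `server.ts` before the Angular engine sees the request), as an added example that is not code from the Angular project. It assumes an Express-style `req`/`res`/`next` middleware shape and that a legitimate prefix is a plain rooted path such as "" or "/app"; any other value is dropped rather than repaired, and `Vary` is set so caches key the response on the header.

```javascript
// Added example, not code from the Angular project: a defensive check for the
// X-Forwarded-Prefix header, meant to run in server.ts before the SSR engine
// sees the request. Assumption: a legitimate prefix is a plain rooted path
// such as "" or "/app"; anything else is dropped rather than "repaired".

function isSafeForwardedPrefix(value) {
  if (typeof value !== 'string') return false;
  if (value === '') return true;                  // no prefix at all is fine
  // Any backslash is rejected outright: a leading "/" prepended to "\host"
  // yields "/\host", which browsers normalise to "//host" (protocol-relative).
  if (value.includes('\\')) return false;
  // Percent-encoded "/" or "\" may be decoded later and reintroduce the issue.
  if (/%(2f|5c)/i.test(value)) return false;
  // Control characters have no place in a path prefix.
  if (/[\u0000-\u001f\u007f]/.test(value)) return false;
  // Must be rooted with exactly one leading slash: "//host" and "///host" are
  // protocol-relative, while "https://host" and "app" are not path prefixes.
  if (!value.startsWith('/') || value.startsWith('//')) return false;
  return true;
}

// Merge a name into an existing Vary header without duplicating it, so caches
// key the response on the prefix instead of sharing one redirect with everyone.
function addVary(res, name) {
  const current = res.getHeader('Vary');
  const parts = current ? String(current).split(',').map((s) => s.trim()).filter(Boolean) : [];
  if (!parts.some((p) => p.toLowerCase() === name.toLowerCase())) parts.push(name);
  res.setHeader('Vary', parts.join(', '));
}

// Express-style middleware (req/res/next are assumed to follow that shape): an
// invalid prefix is removed so downstream code behaves as if the proxy sent none.
function forwardedPrefixGuard(req, res, next) {
  const raw = req.headers['x-forwarded-prefix'];
  if (raw !== undefined && !isSafeForwardedPrefix(raw)) {
    delete req.headers['x-forwarded-prefix'];
  }
  addVary(res, 'X-Forwarded-Prefix');
  next();
}
```

Register the guard before the Angular engine handler so that a rejected prefix never reaches the redirect logic; the hostnames used in the checks below are constructed placeholders.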
