CVE-2026-22610

MEDIUM

Angular < 19.2.18, 20.3.16, 21.0.7, 21.1.0-rc.0 - Cross-Site Scripting via SVG Script Href Attribute

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-22610. PoCs published by ashizZz.

AI-analyzed exploit summary This repository contains a Node.js-based scanner for detecting XSS vulnerabilities in Angular projects related to CVE-2026-22610. It identifies unsafe SVG script elements, Angular bindings, and bypassSecurityTrustResourceUrl usage.

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.

Exploits (1)

nomisec SCANNER

by ashizZz · poc

https://github.com/ashizZz/CVE-2026-22610

View Code ZIP pw:eip

This repository contains a Node.js-based scanner for detecting XSS vulnerabilities in Angular projects related to CVE-2026-22610. It identifies unsafe SVG script elements, Angular bindings, and bypassSecurityTrustResourceUrl usage.

Classification

Scanner 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Angular (versions affected by CVE-2026-22610)

No auth needed

Prerequisites: Access to the target Angular project's source code

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory x_refsource_confirm

https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6

Patch x_refsource_misc

https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56

View Patch ZIP pw:eip

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-253495.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-485750.html

Issue Tracking x_refsource_misc

https://github.com/angular/angular/pull/66318

Scores

CVSS v3 6.1

EPSS 0.0001

EPSS Percentile 1.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (16)

angular/angular 21.1.0 next0 (5 CPE variants)

angular/angular < 18.2.14

angular/angular < 19.2.18

angular/angular >= 20.0.0-next.0, < 20.3.16

angular/angular >= 21.0.0-next.0, < 21.0.7

angular/angular >= 21.1.0-next.0, < 21.1.0-rc.0

angular/compiler 0 - 18.2.14npm

angular/compiler 19.0.0-next.0 - 19.2.18npm

angular/compiler 20.0.0-next.0 - 20.3.16npm

angular/compiler 21.0.0-next.0 - 21.0.7npm

... and 6 more

Published Jan 10, 2026

Tracked Since Feb 18, 2026