What is CVE-2026-11998?

CVE-2026-11998 is a high-severity vulnerability in Google Angularjs, classified under CWE-791. CVSS score: 7.6/10. Published 2026-06-24.

How severe is CVE-2026-11998?

High severity. CVSS v3 base score is 7.6 out of 10.

Vulnerability in Google Angularjs

CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to en…

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L.

Affected products

Google Angularjs — versions >=1.2.0-rc.3

Weakness classification (CWE)

CWE-791

References

36c7be3b-2937-45df-85ea-ca7133ea542c (technical-description, exploit)
36c7be3b-2937-45df-85ea-ca7133ea542c (third-party-advisory)

Frequently asked questions

What is CVE-2026-11998?: CVE-2026-11998 is a high-severity vulnerability in Google Angularjs, classified under CWE-791. CVSS score: 7.6/10. Published 2026-06-24.
How severe is CVE-2026-11998?: High severity. CVSS v3 base score is 7.6 out of 10.