SSRF in Angular

CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery (SSRF) vulnerability…

Vulnerability class: SSRF (Server-Side Request Forgery)

Affected products

Angular — versions >= 22.0.0-next.0, < 22.0.0-next.12, >= 21.0.0-next.0, < 21.2.13, >= 20.0.0-next.0, < 20.3.21

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)