XSS in Angular

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core pac…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Angular — versions >= 21.0.0-next.0 < 21.2.15, >= 22.0.0-next.0 < 22.0.0-rc.2, >= 20.0.0-next.0 < 20.3.22

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)