Resource exhaustion in Angular

CVE-2026-54268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS) vulnerability exists in the @angular/commo…

Vulnerability class: DoS (Denial of Service)

Affected products

Angular — versions >= 22.0.0-next.0 < 22.0.1, >= 21.0.0-next.0 < 21.2.17, >= 20.0.0-next.0 < 20.3.25

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)