CVE-2026-22610EPSS p35.2%

CVE-2026-22610CVE-2026-22610

angular / angular

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.

Scoring

CVSS 6.1 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS0.44% probability of exploitation · percentile 35.2% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-66412
CVE
CVE-2026-32635
CVE
CVE-2025-66035
CVE
CVE-2026-11166
CVE
CVE-2026-44643
CVE
CVE-2026-11182
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.