Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

Description

A Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context.

In a standard security model, attributes that can load and execute code (like a script's source) should be strictly validated. However, because the compiler does not classify these specific SVG attributes correctly, it allows attackers to bypass Angular's built-in security protections.

When template binding is used to assign user-controlled data to these attributes for example, <script [attr.href]="userInput"> the compiler treats the value as a standard string or a non-sensitive URL rather than a resource link. This enables an attacker to provide a malicious payload, such as a data:text/javascript URI or a link to an external malicious script.

Impact

When successfully exploited, this vulnerability allows for arbitrary JavaScript execution within the context of the victim's browser session. This can lead to:
- Session Hijacking: Stealing session cookies, localStorage data, or authentication tokens.
- Data Exfiltration: Accessing and transmitting sensitive information displayed within the application.
- Unauthorized Actions: Performing state-changing actions (like clicking buttons or submitting forms) on behalf of the authenticated user.

Attack Preconditions

  1. The victim application must explicitly use SVG <script> elements within its templates.
  2. The application must use property or attribute binding (interpolation) for the href or xlink:href attributes of those SVG scripts.
  3. The data bound to these attributes must be derived from an untrusted source (e.g., URL parameters, user-submitted database entries, or unsanitized API responses).

Patches

  • 19.2.18
  • 20.3.16
  • 21.0.7
  • 21.1.0-rc.0

Workarounds

Until the patch is applied, developers should:

  • Avoid Dynamic Bindings: Do not use Angular template binding (e.g., [attr.href]) for SVG <script> elements.
  • Input Validation: If dynamic values must be used, strictly validate the input against a strict allowlist of trusted URLs on the server side or before it reaches the template.

Resources

  • https://github.com/angular/angular/pull/66318

Basic information

Type
reviewed
Severity
high
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2026-01-09 18:52:14 UTC
Updated
2026-06-09 10:56:10 UTC
GitHub reviewed
2026-01-09 18:52:14 UTC
NVD published
2026-01-09

EPSS Score

Score Percentile
0.01% 1.22%

CVSS Scores

Base score Version Severity Vector
8.5 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network.
Attack complexity (AC:L)
Exploitation conditions are straightforward and stable.
Attack requirements (AT:N)
No additional preconditions are required beyond normal reachability.
Privileges required (PR:L)
Low privileges are required.
User interaction (UI:A)
User interaction is required in an active way.
Vulnerable system confidentiality impact (VC:H)
High confidentiality impact on the vulnerable system.
Vulnerable system integrity impact (VI:H)
High integrity impact on the vulnerable system.
Vulnerable system availability impact (VA:H)
High availability impact on the vulnerable system.
Subsequent system confidentiality impact (SC:N)
No confidentiality impact on subsequent systems.
Subsequent system integrity impact (SI:N)
No integrity impact on subsequent systems.
Subsequent system availability impact (SA:N)
No availability impact on subsequent systems.

Identifiers

CWEs

CWE id Name
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Credits

  • alan-agius4 (remediation_developer)
  • josephperrott (remediation_reviewer)
  • AndrewKushnir (remediation_reviewer)
  • jelbourn (remediation_reviewer)
  • hybrist (remediation_reviewer)
  • ShelbyKelley (reporter)
  • gkalpak (reporter)

Affected packages (10)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
npm @angular/compiler >= 21.1.0-next.0, < 21.1.0-rc.0 21.1.0-rc.0
npm @angular/core >= 21.1.0-next.0, < 21.1.0-rc.0 21.1.0-rc.0
npm @angular/compiler >= 21.0.0-next.0, < 21.0.7 21.0.7
npm @angular/core >= 21.0.0-next.0, < 21.0.7 21.0.7
npm @angular/compiler >= 20.0.0-next.0, < 20.3.16 20.3.16
npm @angular/core >= 20.0.0-next.0, < 20.3.16 20.3.16
npm @angular/compiler >= 19.0.0-next.0, < 19.2.18 19.2.18
npm @angular/core >= 19.0.0-next.0, < 19.2.18 19.2.18
npm @angular/compiler <= 18.2.14
npm @angular/core <= 18.2.14

References

cvelogic Threat Intelligence