Vulnerability details: VCID-twgz-ju7a-8yg9
Vulnerability ID VCID-twgz-ju7a-8yg9
Aliases CVE-2026-27738
GHSA-xh43-g2fq-wjrj
Summary Angular SSR has an Open Redirect via X-Forwarded-Prefix

An Open Redirect vulnerability exists in the internal URL processing logic in Angular SSR. The logic normalizes URL segments by stripping leading slashes; however, it only removes a single leading slash. When an Angular SSR application is deployed behind a proxy that passes the `X-Forwarded-Prefix` header, an attacker can provide a value starting with three slashes (e.g., `///evil.com`).

1. The application processes a redirect (e.g., from a router `redirectTo` or i18n locale switch).
2. Angular receives `///evil.com` as the prefix.
3. It strips one slash, leaving `//evil.com`.
4. The resulting string is used in the `Location` header.
5. Modern browsers interpret `//` as a protocol-relative URL, redirecting the user from `https://your-app.com` to `https://evil.com`.
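The normalization flaw described in the summary, modelled next to a hardened form and a same-origin check on the final `Location` value. This is an added illustration, not Angular's source code; the function names, the sample path `/en/home` and the join logic are assumptions made for the example.

```javascript
// Added illustration; not Angular's code. All function names are hypothetical.
const APP_ORIGIN = 'https://your-app.com';

// Behaviour the advisory describes: only ONE leading slash is removed.
function stripOneLeadingSlash(segment) {
  return segment.startsWith('/') ? segment.slice(1) : segment;
}

// Hardened normalization: remove every leading slash.
function stripAllLeadingSlashes(segment) {
  return segment.replace(/^\/+/, '');
}

// Simplified model of joining the forwarded prefix with the redirect path.
// A leading slash is added only when the joined string lacks one, so a
// prefix that still begins with "//" passes through unchanged.
function buildLocation(prefix, path, strip) {
  const joined = [prefix, path].map(strip).filter(Boolean).join('/');
  return joined.startsWith('/') ? joined : '/' + joined;
}

// Defence in depth: resolve the value the way a browser would and
// refuse to emit it unless it stays on the application's origin.
function isSameOriginRedirect(location, origin = APP_ORIGIN) {
  try {
    return new URL(location, origin).origin === new URL(origin).origin;
  } catch {
    return false;
  }
}

// Constructed inputs: the header value from the advisory and a benign prefix.
const forwardedPrefix = '///evil.com';
const weak = buildLocation(forwardedPrefix, '/en/home', stripOneLeadingSlash);
const fixed = buildLocation(forwardedPrefix, '/en/home', stripAllLeadingSlashes);
const benign = buildLocation('/app', '/en/home', stripAllLeadingSlashes);

console.log(weak, isSameOriginRedirect(weak));     // protocol-relative, rejected
console.log(fixed, isSameOriginRedirect(fixed));   // path on the app origin
console.log(benign, isSameOriginRedirect(benign)); // normal prefix unaffected
```

The same-origin check is useful as a regression test or as a guard in front of any code that writes a `Location` header from proxy-supplied values.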
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-27738
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-xh43-g2fq-wjrj
cvssv4 6.9 https://github.com/angular/angular-cli
generic_textual MODERATE https://github.com/angular/angular-cli
cvssv4 6.9 https://github.com/angular/angular-cli/commit/877f017ace4b83277d773aa37f5813e5e9faec7e
ssvc Track https://github.com/angular/angular-cli/commit/877f017ace4b83277d773aa37f5813e5e9faec7e
cvssv4 6.9 https://github.com/angular/angular-cli/commit/f086eccc36d10cf01c426e35864bc32e1e292323
generic_textual MODERATE https://github.com/angular/angular-cli/commit/f086eccc36d10cf01c426e35864bc32e1e292323
cvssv4 6.9 https://github.com/angular/angular-cli/issues/32501
generic_textual MODERATE https://github.com/angular/angular-cli/issues/32501
ssvc Track https://github.com/angular/angular-cli/issues/32501
cvssv4 6.9 https://github.com/angular/angular-cli/pull/32521
generic_textual MODERATE https://github.com/angular/angular-cli/pull/32521
ssvc Track https://github.com/angular/angular-cli/pull/32521
cvssv3.1_qr MODERATE https://github.com/angular/angular-cli/security/advisories/GHSA-xh43-g2fq-wjrj
cvssv4 6.9 https://github.com/angular/angular-cli/security/advisories/GHSA-xh43-g2fq-wjrj
generic_textual MODERATE https://github.com/angular/angular-cli/security/advisories/GHSA-xh43-g2fq-wjrj
ssvc Track https://github.com/angular/angular-cli/security/advisories/GHSA-xh43-g2fq-wjrj
cvssv4 6.9 https://nvd.nist.gov/vuln/detail/CVE-2026-27738
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-27738
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/angular/angular-cli
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/angular/angular-cli/commit/877f017ace4b83277d773aa37f5813e5e9faec7e
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:46:21Z/ Found at https://github.com/angular/angular-cli/commit/877f017ace4b83277d773aa37f5813e5e9faec7e
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/angular/angular-cli/commit/f086eccc36d10cf01c426e35864bc32e1e292323
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/angular/angular-cli/issues/32501
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:46:21Z/ Found at https://github.com/angular/angular-cli/issues/32501
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/angular/angular-cli/pull/32521
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:46:21Z/ Found at https://github.com/angular/angular-cli/pull/32521
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://github.com/angular/angular-cli/security/advisories/GHSA-xh43-g2fq-wjrj
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:46:21Z/ Found at https://github.com/angular/angular-cli/security/advisories/GHSA-xh43-g2fq-wjrj
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-27738
Exploit Prediction Scoring System (EPSS)
Percentile 0.19466
EPSS Score 0.00061
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:50:54.306585+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@angular/ssr/CVE-2026-27738.yml 38.6.0