Angular Template Injection Vulnerability in Reports Functionality by Vendor
CVE-2025-40900

5.1MEDIUM

Key Information:

Vendor: Nozomi Networks
Status: Guardian; Cmc
Vendor: CVE Published:; 19 May 2026

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2025-40900?

A vulnerability has been found in the Reports functionality of Vendor's product, where improper validation of input parameters can allow an authenticated user to create a malicious report containing an Angular template payload. Victims, potentially through social engineering, may import this harmful report. Once imported, the Angular template executes within the victim’s browser context, enabling attackers to manipulate application data and potentially disrupt the application's availability. Existing input validation and Content Security Policy configurations provide some level of protection against complete XSS exploitation and information leakage.

Affected Version(s)

CMC 0 < 26.1.0

Guardian 0 < 26.1.0

References

https://security.nozominetworks.com/NN-2026:3-01

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

This issue was found by Stefano Libero and Andrea Palanca of Nozomi Networks Product Security team during an internal investigation.

CVE-2025-40900 Data

JSON