Information Disclosure in Angular's HttpTransferCache During Server-Side Rendering
CVE-2026-50170

8.2 HIGH

Key Information:

Vendor: Angular

Status
Vendor
CVE Published: 22 June 2026

What is CVE-2026-50170?

A vulnerability in Angular's HttpTransferCache utility, present in versions before specific updates, allows user-specific responses to be cached during Server-Side Rendering (SSR) without validating the withCredentials flag or the Cookie header. This oversight could expose one user's private data to other users when the serialized HTML is cached by intermediary layers such as CDNs or shared server caches. The vulnerability has been addressed in the latest releases.

Affected Version(s)

  • angular >= 22.0.0-next.0, < 22.0.0-rc.2

  • angular >= 21.0.0-next.0, < 21.2.15

  • angular >= 20.0.0-next.0, < 20.3.22

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved