CVE-2026-22610 — Vulnetix

CVE-2026-22610 PUBLISHED CVSS 8.5 HIGH

Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

EPSS 0.02% · 5.7th percentile

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

5.7th percentile

Affected Products

Vendor	Product	Versions
angular	compiler	0, 19.0.0-next.0, 20.0.0-next.0
angular	core	21.1.0-next.0, 21.0.0-next.0, 20.0.0-next.0
angular	angular	19.0.0, 20.0.0, 21.1.0

Timeline

Jan 7, 2026 CVE ID Reserved
Jan 9, 2026 CVE Published
Jan 10, 2026 EPSS Score
Jan 10, 2026 PoC Published
Jan 13, 2026 EPSS Score
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 15, 2026 PoC Published
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 PoC Published

References

https://www.ibm.com/support/pages/node/7261959 advisory
https://www.ibm.com/support/pages/node/7261794 advisory
https://www.ibm.com/support/pages/node/7261890 advisory
https://www.ibm.com/support/pages/node/7261887 advisory
https://www.ibm.com/support/pages/node/7261935 advisory
https://www.ibm.com/support/pages/node/7261436 advisory
https://www.ibm.com/support/pages/node/7261774 advisory
https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6 url
https://github.com/angular/angular/pull/66318 url
https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56 url
https://nvd.nist.gov/vuln/detail/CVE-2026-22610 advisory
https://github.com/angular/angular package
https://www.ibm.com/support/pages/node/7270805 advisory
https://www.ibm.com/support/pages/node/7270827 advisory
https://www.ibm.com/support/pages/node/7270869 advisory
https://www.ibm.com/support/pages/node/7270820 advisory
https://www.ibm.com/support/pages/node/7270845 advisory
https://www.ibm.com/support/pages/node/7270868 advisory
https://www.ibm.com/support/pages/node/7270775 advisory
https://www.ibm.com/support/pages/node/7270692 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›