Server-Side Request Forgery (SSRF)
CVE-2026-46417
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in `@angular/platform-server`. The issue stems from how the server-side rendering (SSR) engine processes the request URL provided to the rendering entry points. When an absolute-form URL (e.g., http://evil.com) is passed to the rendering engine, the internal ServerPlatformLocation can be manipulated into adopting the attacker-controlled domain as the "current" hostname. Consequently, any relative HttpClient requests or PlatformLocation.hostname references are redirected to the attacker-controlled server, potentially exposing internal APIs or metadata services. The affected versions are through 18.2.14, 19.0.0-next.0 through 19.2.21, 20.0.0-next.0 through 20.3.20, 21.0.0-next.0 through 21.2.12, and 22.0.0-next.0 through 22.0.0-next.11.
CWE-918 - Server-Side Request Forgery (SSRF)
Server-side request forgery (SSRF) is a weakness that allows an attacker to send an arbitrary request, making it appear that the request was sent by the server. This request may bypass a firewall that would normally prevent direct access to the URL. The impact of this vulnerability can vary from unauthorized access to files and sensitive information to remote code execution.
References
Advisory Timeline
- Published
