Skip to content

fix(deps): Upgrade @angular/ssr to patch critical SSRF vulnerability (CVE-2026-27739) #27

Description

@Samyssmile

Security Advisory

Dependabot Alert: #24
Severity: Critical
CVE: CVE-2026-27739
GHSA: GHSA-x288-3778-4hhx

Affected Dependency

Field Value
Package @angular/ssr
Manifest pnpm-lock.yaml
Vulnerable range >= 21.0.0-next.0, < 21.1.5
First patched version 21.1.5

Description

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Angular SSR request handling pipeline. Angular's internal URL reconstruction logic directly trusts user-controlled HTTP headers (Host, X-Forwarded-*) to determine the application's base origin without any validation.

Impact

  • Credential Exfiltration: Stealing Authorization headers or session cookies by redirecting them to an attacker's server.
  • Internal Network Probing: Accessing internal services, databases, or cloud metadata endpoints (e.g., 169.254.169.254).
  • Confidentiality Breach: Accessing sensitive information processed within the server-side context.

Attack Preconditions

  • Application uses Angular SSR
  • Application performs HttpClient requests using relative URLs or manually constructs URLs using Host / X-Forwarded-* headers
  • Application server is reachable by an attacker who can influence these headers
  • Infrastructure does not sanitize or validate incoming headers

Remediation

Upgrade @angular/ssr to version 21.1.5 or later.

pnpm update @angular/ssr

Patched Versions

  • 21.2.0-rc.1
  • 21.1.5
  • 20.3.17
  • 19.2.21

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    dependenciesPull requests that update a dependency filesecuritySecurity vulnerabilities

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions