Platform: nodejs
Component: @angular/ssr
Fixed in: 21.2.1, 21.0.1, 20.0.1, 19.2.22, 16.2.1, 21.2.0-rc.1
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the Angular SSR request handling pipeline within the @angular/ssr component. The flaw lets an attacker who controls HTTP headers, specifically the Host and X-Forwarded-* family, dictate the base origin the application derives from the request, which can lead to unauthorized access to internal resources. The vulnerability affects versions prior to 21.2.0-rc.1, and a patch is now available.
The SSRF vulnerability in @angular/ssr poses a significant risk because it enables attackers to craft malicious HTTP requests that appear to originate from within the trusted application. By manipulating the Host and X-Forwarded-* headers, an attacker can trick the Angular SSR server into making requests to arbitrary internal or external resources. This could lead to the exposure of sensitive data, access to internal APIs, or even the exploitation of other vulnerabilities within the internal network. The potential blast radius extends to any internal services accessible via HTTP, making this a high-priority concern. Successful exploitation could mirror the impact of similar SSRF vulnerabilities where attackers have leveraged them to scan internal networks and identify further attack vectors.
This vulnerability is considered high-risk due to its CRITICAL CVSS score and the potential for widespread exploitation. While no public exploits have been definitively linked to this CVE as of the publication date, the SSRF vulnerability class is frequently targeted. The vulnerability was disclosed on 2026-02-25. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Applications using @angular/ssr for server-side rendering, particularly those deployed in environments with complex network configurations or shared hosting, are at risk. Legacy applications that haven't been updated to the latest @angular/ssr version are especially vulnerable.
• nodejs: Monitor application logs for unusual outbound HTTP requests to internal IP addresses or unexpected domains. Use netstat or ss to identify connections to internal resources.
    netstat -an | grep <internal_ip_address>
• nodejs: Inspect the Host and X-Forwarded-* headers in incoming requests for suspicious values. Log these headers for auditing purposes.
    console.log('Host header:', req.headers.host);
    console.log('X-Forwarded-Host header:', req.headers['x-forwarded-host']);
• generic web: Examine access logs for requests with unusual Host headers or X-Forwarded-* headers pointing to internal resources. Look for patterns indicative of port scanning or internal resource discovery.
EPSS: 0.05% (17th percentile)
The primary mitigation for CVE-2026-27739 is to immediately upgrade to @angular/ssr version 21.2.0-rc.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy to filter and sanitize incoming HTTP headers, specifically the Host and X-Forwarded-* headers. Strictly validate and whitelist allowed domains and protocols. Implement robust input validation on all user-supplied data used in URL construction. Review and update any existing SSRF protection mechanisms to ensure they are effective against this specific vulnerability.
Update Angular SSR to version 21.2.0-rc.1, 21.1.5, 20.3.17 or 19.2.21 or later. If an immediate update is not possible, avoid using `req.headers` for URL construction and use trusted variables for the API base routes. Implement a middleware in your `server.ts` file to enforce numeric ports and validated hostnames.
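The following is an added example of the interim mitigation described above (a `server.ts` middleware that derives the origin from an allowlist and enforces numeric ports); it is not Angular's own code. The policy shape (`allowedHosts`, `allowedPorts`, `trustProxyHeaders`) and the `trustedOrigin` request property are assumptions for this example.

```typescript
// Added example (not Angular's own code): derive the request origin from an
// allowlist instead of trusting Host / X-Forwarded-* as sent by the client.
// The policy field names and req.trustedOrigin are assumptions for this example.
export interface OriginPolicy {
  allowedHosts: Set<string>;  // lowercase hostnames the app is served under
  allowedPorts: Set<number>;  // numeric ports the app actually listens on
  trustProxyHeaders: boolean; // true only when a proxy you control sets them
}
export type HeaderMap = Record<string, string | string[] | undefined>;

// First value of a possibly multi-valued header, or undefined.
function first(v: string | string[] | undefined): string | undefined {
  const s = Array.isArray(v) ? v[0] : v;
  return s === undefined ? undefined : s.split(',')[0].trim();
}

// Returns "proto://host[:port]" or null when the headers fail validation.
export function resolveTrustedOrigin(h: HeaderMap, p: OriginPolicy): string | null {
  const fwd = (name: string) => (p.trustProxyHeaders ? first(h[name]) : undefined);
  const rawHost = fwd('x-forwarded-host') ?? first(h['host']);
  if (rawHost === undefined) return null;
  // Plain hostname with optional numeric port; IPv6 literals are rejected here.
  const m = /^([a-z0-9.-]+)(?::(\d{1,5}))?$/i.exec(rawHost);
  if (m === null) return null;
  const host = m[1].toLowerCase();
  if (!p.allowedHosts.has(host)) return null;
  const proto = fwd('x-forwarded-proto') ?? 'http';
  if (proto !== 'http' && proto !== 'https') return null;
  const portStr = fwd('x-forwarded-port') ?? m[2];
  const defaultPort = proto === 'https' ? 443 : 80;
  let port = defaultPort;
  if (portStr !== undefined) {
    if (!/^\d{1,5}$/.test(portStr)) return null; // "0x50", "", "80abc" all fail
    port = Number(portStr);
  }
  if (!p.allowedPorts.has(port)) return null;
  return port === defaultPort ? `${proto}://${host}` : `${proto}://${host}:${port}`;
}

// Express-style middleware: reject untrusted headers before rendering starts.
export function trustedOriginMiddleware(p: OriginPolicy) {
  return (req: { headers: HeaderMap; trustedOrigin?: string },
          res: { statusCode: number; end: (body?: string) => void },
          next: () => void): void => {
    const origin = resolveTrustedOrigin(req.headers, p);
    if (origin === null) { res.statusCode = 400; res.end('untrusted Host header'); return; }
    req.trustedOrigin = origin; // build API base URLs from this, not from req.headers
    next();
  };
}
```

Register it ahead of the Angular request handler so that rendering only ever sees an origin drawn from the allowlist.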
CVE-2026-27739 is a critical SSRF vulnerability in the @angular/ssr component, allowing attackers to manipulate HTTP headers and access internal resources.
You are affected if you are using @angular/ssr versions prior to 21.2.0-rc.1 and have not implemented header validation.
Upgrade to @angular/ssr version 21.2.0-rc.1 or later. If upgrading is not possible, implement strict header validation to prevent header manipulation.
While no widespread exploitation has been confirmed, the SSRF nature of the vulnerability makes it a potential target for attackers.
Refer to the official Angular security advisories for detailed information and updates regarding CVE-2026-27739.