Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AC:H reflects the non-default app architecture required; S:C and C:H/I:H reflect full XSS execution in the victim browser context; A:N as no availability impact is described.
Primary rating from Vendor (https://github.com/angular/angular).
CVSS VectorVendor: https://github.com/angular/angular
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation.
Specifically, the dynamic component instantiation mechanism (createComponent) failed to reject mounting components directly onto a <script> or namespaced script element (such as <svg:script>). This enabled the initialization of custom components on a tag that executes scripts, allowing attackers to hijack or inject script-executing hosts.
This flaw enables an attacker who can control the host element or selector parameter passed to createComponent to initialize or mount an Angular component directly onto a <script> tag, leading to execution of untrusted code or client-side Cross-Site Scripting (XSS).
Impact
Any Angular application that registers dynamic components based on user-supplied parameters (like selectors or host elements) is vulnerable to this security bypass.
Once exploited, this allows a malicious actor to mount a dynamic component on a script tag, bypassing core dynamic component creation safeguards to execute arbitrary JavaScript within the target user's browser context. This could lead to session hijacking, sensitive data exposure, or unauthorized actions on behalf of the user.
Attack Preconditions
To successfully exploit these vulnerabilities, the following environment parameters and application states must all concurrently exist:
- User-Controlled Host Selection: The application must accept user-controlled inputs that are passed as a selector/host element to
createComponent. - Absence of Additional Context Sanitization: The application does not perform separate input sanitization before feeding values to the dynamic creation APIs.
Patches
- 22.0.0-rc.2
- 21.2.15
- 20.3.22
- 19.2.23
AnalysisAI
Dynamic component mounting in @angular/core permits client-side XSS by failing to reject script elements as valid host targets for createComponent. Angular applications that pass user-supplied selectors or host element references to the createComponent API without prior sanitization are vulnerable to namespace bypass, allowing an attacker to mount Angular components onto <script> or <svg:script> elements and execute arbitrary JavaScript in the victim's browser. No active exploitation has been confirmed (not in CISA KEV) and no public proof-of-concept has been identified at time of analysis, but vendor-released patches are available across multiple supported major versions.
Technical ContextAI
The vulnerability resides in @angular/core's dynamic component instantiation subsystem, specifically the createComponent runtime API and the associated compiler-side DOM security schema (dom_security_schema.ts and dom_element_schema_registry.ts). Angular's component renderer normally enforces a security schema that maps element tags and namespaces to sanitization contexts (HTML, URL, STYLE, NONE); however, the createComponent code path did not include a guard rejecting <script> or namespace-prefixed script elements (e.g., <svg:script>) as mount targets. CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-site Scripting) is the root cause class: user-controlled data reaches a script-executing DOM sink without adequate validation. The patch, visible in GitHub PRs #68686 and #68713, refactors namespace handling in the security schema and introduces explicit namespace-aware element rejection logic. Affected packages are distributed as pkg:npm/@angular_core across major versions 19, 20, 21, and 22.
RemediationAI
The primary remediation is to upgrade @angular/core to a patched release: 19.2.23 for the v19 line, 20.3.22 for the v20 line, 21.2.15 for the v21 line, or 22.0.0-rc.2 for the v22 release candidate line. These patches are confirmed via the upstream GitHub security advisory (GHSA-692r-grfm-v8x7) and the merged pull requests at https://github.com/angular/angular/pull/68686 and https://github.com/angular/angular/pull/68713. For applications running Angular v18 or earlier, no vendor patch exists at time of analysis; the specific compensating control is to audit all call sites of createComponent and enforce an explicit allowlist validation of host element tags and selectors before invoking the API - rejecting any input that resolves to a script, svg:script, or equivalent namespaced script element. Implementing a Content Security Policy (CSP) with script-src restricted to trusted origins provides a meaningful defense-in-depth layer that limits the blast radius of a successful XSS exploit, though it does not prevent the component mount itself. Restricting the application's dynamic component features to authenticated, server-validated configurations eliminates the user-controlled-input precondition entirely.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38261
GHSA-692r-grfm-v8x7