Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-41468
Deferred
More InfoOfficial Page
Source-disclosure@vulncheck.com
View Known Exploited Vulnerability (KEV) details
Published At-22 Apr, 2026 | 19:17
Updated At-22 Apr, 2026 | 21:18

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.7HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-1104Primarydisclosure@vulncheck.com
CWE ID: CWE-1104
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.pydisclosure@vulncheck.com
N/A
https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txtdisclosure@vulncheck.com
N/A
https://www.beghelli.itdisclosure@vulncheck.com
N/A
https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-sandbox-escape-via-template-injectiondisclosure@vulncheck.com
N/A
Hyperlink: https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.beghelli.it
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-sandbox-escape-via-template-injection
Source: disclosure@vulncheck.com
Resource: N/A
Change History
0Changes found
Details not found