CVE-2026-22191 MEDIUM

CVE-2026-22191: Beghelli Sicuro24 SicuroWeb AngularJS Template Injection

Vendor Beghelli
Product SicuroWeb (Sicuro24)
Weakness CWE-1336
Published March 13, 2026
Last update April 22, 2026

CVSS base score

5.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.

Key dates

02Disclosure timeline

March 13, 2026 CVE published
April 22, 2026 Record updated

Related vulnerabilities

04Related CVE