Vulnerability Description
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py
- https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-c
- https://www.beghelli.it
- https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/
- https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-sandb
FAQ
What is CVE-2026-41468?
CVE-2026-41468 is a vulnerability with a CVSS score of 8.7 (HIGH). Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these pr...
How severe is CVE-2026-41468?
CVE-2026-41468 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41468?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.