VulnerabilitiesJan 11, 2026•4 min read
Angular XSS Flaw Bypasses Sanitization via SVG Script Tags
CVE-2026-22610 lets attackers inject JavaScript through SVG script attributes that Angular's sanitizer fails to recognize. Patches available for versions 19-21.
Marcus Chen