CVE-2026-54264
@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
Description
An information disclosure vulnerability exists in the `@angular/service-worker` package of the Angular framework. When the Service Worker fetches assets, it preserves metadata (such as headers) from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive headers, violating the Fetch standard's redirect algorithm. This allows a remote attacker to obtain sensitive credentials (e.g., `Authorization` tokens, `Proxy-Authorization` credentials, or session cookies) by triggering a cross-origin redirect to an untrusted external origin.

### Impact

If an application configured with the Angular Service Worker fetches assets with credential headers (such as an `Authorization` header), and one of those requests is redirected to a different origin, the Service Worker forwards those headers to the new origin. This exposes credentials and session identifiers to unauthorized third-party servers.

### Attack Preconditions

For this vulnerability to be exploitable:

1. **Vulnerable Configuration:** The application must use the `@angular/service-worker` package to fetch assets.
2. **Credentialed Requests:** The application must attach sensitive request headers (such as `Authorization` or `Proxy-Authorization`, or rely on cookies) to asset-group requests.
3. **Redirect Flow:** Those requests must encounter a cross-origin redirect to an attacker-controlled or untrusted domain.

### Patched Versions

* 22.0.1
* 21.2.17
* 20.3.25

### Credits

This vulnerability was discovered and reported by [CodeMender from Google DeepMind](https://deepmind.google/blog/introducing-codemender-an-ai-agent-for-code-security/).
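The following is an added illustration, not Angular's code or part of the advisory: a minimal model of a service worker re-issuing an asset request after an HTTP redirect. It puts the leaky pattern the advisory describes (copying every stored header to the redirected request) beside what the Fetch standard's redirect step requires (dropping credential-bearing headers on a cross-origin hop). The URLs, the in-memory stand-in for the network, and the bearer token are all constructed for the example.

```javascript
// Added example (not Angular's code): model of a service worker following a
// redirect for a cached asset request. Compares the leaky header handling the
// advisory describes with the Fetch-standard behaviour of stripping
// credentials on cross-origin hops.

// Headers the advisory names as sensitive. Fetch itself mandates stripping
// Authorization on a cross-origin redirect; Proxy-Authorization and Cookie are
// normally browser-managed, but a worker that replays stored request metadata
// must not forward them to a new origin either.
const CREDENTIAL_HEADERS = new Set(['authorization', 'proxy-authorization', 'cookie']);

function sameOrigin(urlA, urlB) {
  const a = new URL(urlA), b = new URL(urlB);
  // Origin = scheme + host + port; URL.host already includes a non-default port.
  return a.protocol === b.protocol && a.host === b.host;
}

// Leaky pattern: every header of the original request is copied verbatim to
// the redirected request, regardless of where the redirect points.
function forwardHeadersVulnerable(fromUrl, toUrl, headers) {
  return new Map(headers);
}

// Hardened: mirror Fetch's "HTTP-redirect fetch" step and drop
// credential-bearing headers when the redirect target is a different origin.
function forwardHeadersSafe(fromUrl, toUrl, headers) {
  const crossOrigin = !sameOrigin(fromUrl, toUrl);
  const out = new Map();
  for (const [name, value] of headers) {
    if (crossOrigin && CREDENTIAL_HEADERS.has(name.toLowerCase())) continue;
    out.set(name, value);
  }
  return out;
}

// Constructed, offline stand-in for the network: URL -> response. The asset on
// the application origin redirects to an untrusted third-party host.
const FAKE_SERVERS = {
  'https://app.example/assets/logo.svg': {
    status: 302,
    headers: new Map([['location', 'https://cdn.evil.example/logo.svg']]),
  },
  'https://cdn.evil.example/logo.svg': { status: 200, headers: new Map() },
};

// Follows redirects the way a worker would, applying the given header policy
// at each hop. Returns the headers every server actually received.
function fetchFollowingRedirects(url, headers, forwardHeaders, maxHops = 5) {
  const received = [];
  let currentUrl = url;
  let currentHeaders = new Map(headers);
  for (let hop = 0; hop <= maxHops; hop++) {
    const res = FAKE_SERVERS[currentUrl];
    if (!res) throw new Error(`no fake server for ${currentUrl}`);
    received.push({ url: currentUrl, headers: new Map(currentHeaders) });
    if (res.status < 300 || res.status > 399) return received;
    const nextUrl = new URL(res.headers.get('location'), currentUrl).href;
    currentHeaders = forwardHeaders(currentUrl, nextUrl, currentHeaders);
    currentUrl = nextUrl;
  }
  throw new Error('too many redirects');
}

// Constructed credentialed asset request, as an application might issue it.
const ASSET_REQUEST_HEADERS = new Map([
  ['authorization', 'Bearer constructed-token'],
  ['accept', 'image/svg+xml'],
]);

// Headers that reach the final (third-party) origin under a given policy.
function headersSeenByThirdParty(forwardHeaders) {
  const hops = fetchFollowingRedirects(
    'https://app.example/assets/logo.svg', ASSET_REQUEST_HEADERS, forwardHeaders);
  return hops[hops.length - 1].headers;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable, headers leaked to cdn.evil.example:',
    [...headersSeenByThirdParty(forwardHeadersVulnerable).keys()]);
  console.log('patched, headers sent to cdn.evil.example:   ',
    [...headersSeenByThirdParty(forwardHeadersSafe).keys()]);
}
```

Under the vulnerable policy the bearer token reaches `cdn.evil.example`; under the hardened policy only `accept` does, while a same-origin redirect keeps the `Authorization` header intact. Whether a real deployment is exposed still depends on the preconditions above: a credentialed asset-group request that can be redirected cross-origin.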
How to patch CVE-2026-54264
To remediate CVE-2026-54264, upgrade the affected package to a patched version.
- `@angular/service-worker`: upgrade to 22.0.1 or later (the advisory also lists 21.2.17 and 20.3.25 as the patched releases for the 21.x and 20.x lines)
Is CVE-2026-54264 being exploited?
There are currently no signs of exploitation: CVE-2026-54264 is not listed in the CISA KEV catalog and has no recent EPSS score.
Affected packages (1)
- `@angular/service-worker`: >= 22.0.0-next.0, < 22.0.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |