MEDIUM6.1CVE-2026-33397Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR >= 22.0.0-next.0, < 22.0.0-next.2
—CVE-2026-44437Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix >= 22.0.0-next.0, < 22.0.0-next.7
—CVE-2026-27739Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline >= 21.2.0-next.0, < 21.2.0-rc.1
—CVE-2026-27738Angular SSR has an Open Redirect via X-Forwarded-Prefix >= 21.2.0-next.0, < 21.2.0-rc.1
—CVE-2025-62427Angular SSR has a Server-Side Request Forgery (SSRF) flaw >= 19.0.0-next.0, < 19.2.18
—CVE-2025-59052Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage >= 17.0.0-next.0, < 18.2.21