CVE-2026-22191
Beghelli Sicuro24 SicuroWeb AngularJS Template Injection
CVSS Score
5.2
EPSS Score
0.0%
EPSS Percentile
13th
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.
| CWE | CWE-1336 |
| Vendor | beghelli |
| Product | sicuroweb (sicuro24) |
| Published | Mar 13, 2026 |
| Last Updated | Apr 22, 2026 |
Stay Ahead of the Next One
Get instant alerts for beghelli sicuroweb (sicuro24)
Be the first to know when new medium vulnerabilities affecting beghelli sicuroweb (sicuro24) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Beghelli / SicuroWeb (Sicuro24)
0
References
boffsec-services.com: https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/ github.com: https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py github.com: https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt beghelli.it: https://www.beghelli.it vulncheck.com: https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-template-injection
Credits
Jean-Marie Bourbon of Bourbon Offensive Security Services VulnCheck