Medium severity5.2NVD Advisory· Published Mar 13, 2026· Updated Apr 22, 2026
CVE-2026-22191
CVE-2026-22191
Description
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
5- github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.pynvd
- github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txtnvd
- www.beghelli.itnvd
- www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/nvd
- www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-template-injectionnvd
News mentions
0No linked articles in our index yet.