Description
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.
CVSS breakdown
CVSS 4.0
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
Passive
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
High
Integrity (Subsequent System)
High
Availability (Subsequent System)
Low
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low
Affected products
References
- MISChttps://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/
- MISChttps://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py
- MISChttps://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt
- MISChttps://www.beghelli.it
- VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-sandbox-escape-via-template-injection