Description
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.
Published: 2026-04-22
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Client-side RCE
Action: Assess Impact
AI Analysis

Impact

The vulnerability arises from Beghelli Sicuro24 SicuroWeb's use of AngularJS 1.5.2. AngularJS 1.x reached end of life in December 2021, and releases before 1.6 shipped an expression "sandbox" that the AngularJS team never treated as a security boundary; publicly documented escapes exist for the 1.5.x line. When an attacker can get a malicious template (text containing interpolation markers) into the DOM subtree that AngularJS compiles, these escapes turn template injection into arbitrary JavaScript execution in the operator's browser session. The impact includes session hijacking, unauthorized DOM manipulation (for example, altering what the operator sees in the Sicuro24 interface), and persistent compromise of the browser session, effectively granting the attacker control over the client side of the application.

Affected Systems

The affected product is Beghelli SicuroWeb, part of the Sicuro24 suite, with vendor name Beghelli. No specific version numbers are provided in the advisory; the flaw resides in any installation that embeds AngularJS 1.5.2 within the application.

Risk and Exploitability

The CVSS v4.0 score of 9.3 (AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L) reflects high confidentiality and integrity impact and low availability impact, on both the vulnerable application and the operator's browser session that it reaches. The attack vector is adjacent: an attacker on the same physical or logical network as a plaintext HTTP deployment can rewrite the application's responses in transit to carry the injection and escape chain. The required user interaction is passive (UI:P in v4.0, UI:R in the v3.1 vector): the operator only has to load or use the application as usual, not click or accept anything. Because the payload executes in the operator's browser, server-side input filtering does not help against content altered after it leaves the server; transport encryption and network segmentation are the effective controls. The low EPSS score (below 1%) and absence from the CISA KEV catalog indicate no observed in-the-wild exploitation so far, not low exploitability: the SSVC entry records a public proof of concept with total technical impact, and the AngularJS 1.5.x escape primitives are publicly known, so this is a pressing risk wherever SicuroWeb is reachable over plaintext HTTP.

Generated by OpenCVE AI on April 27, 2026 at 08:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Force the deployment to use HTTPS/TLS (with HSTS so browsers refuse to fall back to plaintext), which removes the MITM injection opportunity that makes the chain network-adjacent.
  • Update or remove AngularJS 1.5.2: every AngularJS 1.x release is end of life, so migrate to a supported framework or remove the component entirely rather than stepping to a later 1.x build.
  • Keep untrusted data out of the DOM subtree that AngularJS compiles (the element carrying ng-app); where server-rendered content must appear there, place it in a container marked ng-non-bindable so interpolation markers are not evaluated, and validate input server-side. This reduces application-level template injection but does not stop a MITM that rewrites the page in transit; only TLS does.
  • Verify whether Beghelli releases a patch or advisory for this vulnerability, and apply it when available.
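As an added example, not part of the OpenCVE record or of Beghelli's software: a Node.js script that checks a captured SicuroWeb-style page and its scripts for the preconditions this record chains together (an embedded end-of-life, pre-1.6 AngularJS build, a page that auto-bootstraps AngularJS, and plaintext HTTP delivery). The hostname, page and script contents below are constructed; the version-banner patterns are those of the stock AngularJS builds.

```javascript
// Added example: offline audit of a fetched page for the conditions that make
// CVE-2026-41468-style template injection exploitable. Sample inputs are
// constructed, not captured from a real Beghelli installation.

const ANGULARJS_EOL = "2021-12-31"; // end of life for all AngularJS 1.x releases

// Extract the AngularJS version from a library source. The unminified banner
// ("@license AngularJS v1.5.2") and the minified header ("AngularJS v1.5.2")
// both carry the version; the version object ("full:'1.5.2'") is a fallback.
function detectAngularJsVersion(source) {
  const banner = source.match(/AngularJS v(\d+\.\d+\.\d+)/);
  if (banner) return banner[1];
  const versionObject = source.match(/full:\s*["'](\d+\.\d+\.\d+)["']/);
  return versionObject ? versionObject[1] : null;
}

// AngularJS 1.x is entirely end of life; releases before 1.6 still shipped the
// expression sandbox (removed in 1.6) whose escapes this record refers to.
function classifyAngularJs(version) {
  if (!version) return { eol: false, sandboxEra: false };
  const [major, minor] = version.split(".").map(Number);
  return { version, eol: major === 1, sandboxEra: major === 1 && minor < 6 };
}

// Does the page auto-bootstrap AngularJS? If so, any {{...}} that reaches the
// DOM under the ng-app element is compiled as an expression.
function autoBootstraps(html) {
  return /\b(?:data-|x-)?ng-app\b/.test(html);
}

function isPlaintextHttp(url) {
  return new URL(url).protocol === "http:";
}

// Combine the checks into a list of findings for one captured deployment.
function auditDeployment({ url, html, scripts }) {
  const findings = [];
  if (isPlaintextHttp(url)) {
    findings.push("plaintext HTTP: a network-adjacent MITM can rewrite the page in transit");
  }
  for (const [name, source] of Object.entries(scripts)) {
    const info = classifyAngularJs(detectAngularJsVersion(source));
    if (info.eol) {
      findings.push(`${name}: AngularJS ${info.version} is end of life (since ${ANGULARJS_EOL})`);
    }
    if (info.sandboxEra) {
      findings.push(`${name}: pre-1.6 build, expression sandbox present and publicly escapable`);
    }
  }
  if (autoBootstraps(html)) {
    findings.push("page declares ng-app: interpolation markers in injected content are evaluated");
  }
  return findings;
}

// Constructed sample standing in for a fetched SicuroWeb page and its library
// (hypothetical hostname; the library header mirrors the stock minified build).
const SAMPLE = {
  url: "http://sicuroweb.example.internal/",
  html: '<html><body ng-app="sicuroweb"><div class="status"></div></body></html>',
  scripts: {
    "angular.min.js":
      "/*\n AngularJS v1.5.2\n (c) 2010-2016 Google, Inc. http://angularjs.org\n License: MIT\n*/\n(function(window){})(window);",
  },
};

const SAMPLE_FINDINGS = auditDeployment(SAMPLE);
console.log(SAMPLE_FINDINGS.map((f) => "[!] " + f).join("\n"));
```

The version check is deliberately string-based so it can run against a saved copy of the web root or a HAR export without executing the library; a deployment that reports no findings still needs the vendor fix, because the template-injection point itself is not something this script can see.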


Tracking


Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Beghelli
                                      Beghelli sicuroweb (sicuro24)
Vendors & Products                    Beghelli
                                      Beghelli sicuroweb (sicuro24)

Wed, 22 Apr 2026 19:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 19:00:00 +0000

Type      Values Removed   Values Added
Metrics                    cvssV3_1 {'score': 8.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L'}


Wed, 22 Apr 2026 18:30:00 +0000

Type          Values Removed   Values Added
Description                    Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.
Title                          Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection
Weaknesses                     CWE-1104
References
Metrics                        cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-22T19:05:22.738Z

Reserved: 2026-04-20T16:07:47.311Z

Link: CVE-2026-41468

Vulnrichment

Updated: 2026-04-22T19:04:51.055Z

NVD

Status : Deferred

Published: 2026-04-22T19:17:08.813

Modified: 2026-04-22T21:18:45.917

Link: CVE-2026-41468

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T19:53:19Z

Weaknesses