CVE-2026-11998: CWE-791 Incomplete filtering of special elements in Google AngularJS
A vulnerability in AngularJS's Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs, potentially leading to arbitrary JavaScript execution in the victim's browser. This flaw arises from incomplete filtering due to partial matches in regular expression checks. It affects AngularJS version 1.2.0-rc.3. AngularJS is end-of-life and will not receive updates to fix this issue.
AI Analysis
Technical Summary
CVE-2026-11998 is a high-severity vulnerability in Google AngularJS's Strict Contextual Escaping (SCE) mechanism. The flaw involves incomplete filtering of special elements in resource URLs, where the logic that matches entire URLs against regular expressions can be bypassed by partial matches. This allows unsafe values to be used as resource URLs, which can lead to arbitrary JavaScript execution within the context of the victim's browser session. The vulnerability affects AngularJS version 1.2.0-rc.3. Since AngularJS is end-of-life, no official fixes or patches are available.
Potential Impact
Successful exploitation can lead to arbitrary JavaScript execution in the victim's browser, potentially compromising confidentiality, integrity, and availability of the affected web application and user data. The CVSS score of 7.6 reflects a high impact with network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, low integrity impact, and low availability impact.
Mitigation Recommendations
No official fix or patch is available because AngularJS is end-of-life and will not receive updates. Users should consider migrating to supported frameworks or versions that do not have this vulnerability. Review application usage of AngularJS 1.2.0-rc.3 and avoid using untrusted resource URLs in security-sensitive contexts. Employ additional application-level controls to sanitize and validate URLs where possible.
CVE-2026-11998: CWE-791 Incomplete filtering of special elements in Google AngularJS
Description
A vulnerability in AngularJS's Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs, potentially leading to arbitrary JavaScript execution in the victim's browser. This flaw arises from incomplete filtering due to partial matches in regular expression checks. It affects AngularJS version 1.2.0-rc.3. AngularJS is end-of-life and will not receive updates to fix this issue.
CVSS v3.1
Score 7.6high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-11998 is a high-severity vulnerability in Google AngularJS's Strict Contextual Escaping (SCE) mechanism. The flaw involves incomplete filtering of special elements in resource URLs, where the logic that matches entire URLs against regular expressions can be bypassed by partial matches. This allows unsafe values to be used as resource URLs, which can lead to arbitrary JavaScript execution within the context of the victim's browser session. The vulnerability affects AngularJS version 1.2.0-rc.3. Since AngularJS is end-of-life, no official fixes or patches are available.
Potential Impact
Successful exploitation can lead to arbitrary JavaScript execution in the victim's browser, potentially compromising confidentiality, integrity, and availability of the affected web application and user data. The CVSS score of 7.6 reflects a high impact with network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, low integrity impact, and low availability impact.
Mitigation Recommendations
No official fix or patch is available because AngularJS is end-of-life and will not receive updates. Users should consider migrating to supported frameworks or versions that do not have this vulnerability. Review application usage of AngularJS 1.2.0-rc.3 and avoid using untrusted resource URLs in security-sensitive contexts. Employ additional application-level controls to sanitize and validate URLs where possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- HeroDevs
- Date Reserved
- 2026-06-11T15:46:34.897Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3c4ce14853345fc1df8cd1
Added to database: 06/24/2026, 21:32:17 UTC
Last enriched: 06/24/2026, 21:46:40 UTC
Last updated: 06/25/2026, 03:22:23 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.