CVE-2026-22191: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine in Beghelli SicuroWeb (Sicuro24)
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.
AI Analysis
Technical Summary
CVE-2026-22191 is a template injection vulnerability in Beghelli Sicuro24 SicuroWeb affecting AngularJS 1.5.2. It arises from improper neutralization of special elements used in the template engine, allowing attackers to inject arbitrary AngularJS expressions. These expressions are compiled and executed by the AngularJS runtime in the context of operator browser sessions, enabling arbitrary JavaScript execution. The attack vector includes network-adjacent attackers performing man-in-the-middle injection on unencrypted HTTP traffic. The CVSS 4.0 vector indicates low attack complexity, no privileges required, user interaction needed, and limited scope impact.
Potential Impact
Successful exploitation enables arbitrary JavaScript execution in the context of operator browsers using SicuroWeb, potentially leading to session hijacking or unauthorized actions within the application. Network-adjacent attackers can exploit this vulnerability if they can intercept and modify plaintext HTTP traffic. There is no indication of privilege escalation or impact beyond the operator's browser session. No known exploits have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is documented, users should avoid deploying SicuroWeb over unencrypted HTTP to prevent man-in-the-middle injection attacks. Consider implementing network-level protections such as enforcing HTTPS and using secure transport to mitigate exploitation risk until an official fix is available.
CVE-2026-22191: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine in Beghelli SicuroWeb (Sicuro24)
Description
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, with network-adjacent attackers able to deliver payloads via MITM injection in plaintext HTTP deployments.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-22191 is a template injection vulnerability in Beghelli Sicuro24 SicuroWeb affecting AngularJS 1.5.2. It arises from improper neutralization of special elements used in the template engine, allowing attackers to inject arbitrary AngularJS expressions. These expressions are compiled and executed by the AngularJS runtime in the context of operator browser sessions, enabling arbitrary JavaScript execution. The attack vector includes network-adjacent attackers performing man-in-the-middle injection on unencrypted HTTP traffic. The CVSS 4.0 vector indicates low attack complexity, no privileges required, user interaction needed, and limited scope impact.
Potential Impact
Successful exploitation enables arbitrary JavaScript execution in the context of operator browsers using SicuroWeb, potentially leading to session hijacking or unauthorized actions within the application. Network-adjacent attackers can exploit this vulnerability if they can intercept and modify plaintext HTTP traffic. There is no indication of privilege escalation or impact beyond the operator's browser session. No known exploits have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is documented, users should avoid deploying SicuroWeb over unencrypted HTTP to prevent man-in-the-middle injection attacks. Consider implementing network-level protections such as enforcing HTTPS and using secure transport to mitigate exploitation risk until an official fix is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-06T16:47:17.183Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69b36fc02f860ef9434ef290
Added to database: 3/13/2026, 2:00:32 AM
Last enriched: 4/22/2026, 10:36:26 PM
Last updated: 4/28/2026, 7:28:28 AM
Views: 35
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.