CVE-2026-41468 affects Beghelli Sicuro24 SicuroWeb due to its use of AngularJS 1.5.2, an unmaintained third-party component with known sandbox escape primitives. The presence of a template injection vulnerability in the same application allows attackers to combine these issues to escape AngularJS sandbox restrictions and execute arbitrary JavaScript code in operator browser sessions. This enables session hijacking, DOM manipulation, and persistent compromise of the browser environment. The attack vector includes network-adjacent attackers delivering the exploit chain via man-in-the-middle attacks on plaintext HTTP traffic, without requiring active user interaction. The vulnerability has a critical severity rating and a CVSS 4.0 score of 9.3. No patch or official remediation has been disclosed.

Successful exploitation allows attackers to execute arbitrary JavaScript in operator browser sessions, leading to session hijacking, manipulation of the Document Object Model (DOM), and persistent compromise of the browser. Network-adjacent attackers can perform man-in-the-middle attacks on unencrypted HTTP traffic to deliver the exploit without user interaction. This can severely impact the confidentiality and integrity of operator sessions and potentially the broader application environment.

No official patch or remediation is currently available from the vendor. Users should verify the vendor advisory for updates. Until a fix is released, mitigating the risk includes avoiding deployment of SicuroWeb over unencrypted HTTP to prevent man-in-the-middle exploitation. Consider isolating operator browser sessions and monitoring for suspicious activity. Applying network-level protections such as enforcing HTTPS and using secure communication channels is recommended to reduce exposure.