top of page
perceptive_background_267k.jpg

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection p…

Published:

21 April 2026 at 22:00:00

Alert date:

22 April 2026 at 20:02:14

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Critical Infrastructure

Beghelli Sicuro24 SicuroWeb contains a critical vulnerability (CVE-2026-41468) due to embedding the end-of-life AngularJS 1.5.2 framework. The vulnerability combines sandbox escape primitives with template injection to allow arbitrary JavaScript execution in operator browser sessions. Attackers can achieve session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can exploit this via MITM attacks in plaintext HTTP deployments without requiring user interaction. The vulnerability affects the security management application used for monitoring and control systems.

Technical details

Mitigation steps:

Affected products:

Beghelli Sicuro24 SicuroWeb

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41468
https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py
https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt
https://www.beghelli.it
https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/
https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-sandbox-escape-via-template-injection

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page