CVE-2026-41468
Published: 22 April 2026
Summary
CVE-2026-41468 is a high-severity Use of Unmaintained Third Party Components (CWE-1104) vulnerability in Beghelli Sicuro24 SicuroWeb (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). It is ranked at the 21.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Prohibits the use of end-of-life AngularJS 1.5.2, eliminating the known sandbox escape primitives central to this CVE.
- Enforces transmission confidentiality and integrity via HTTPS, preventing MITM delivery of the template injection and sandbox escape payload over plaintext HTTP.
- Requires timely remediation of the template injection and sandbox escape flaws in SicuroWeb, addressing the core vulnerability chain.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables arbitrary JavaScript execution in the browser via template injection and sandbox escape, which directly supports Browser Session Hijacking (T1185): session theft and DOM manipulation inside the operator's authenticated session. The chain is delivered through Adversary-in-the-Middle (T1557) attacks on plaintext HTTP, which inject the malicious template into the served page without user interaction.
NVD Description
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction.
Deeper analysis
CVE-2026-41468 is a sandbox escape vulnerability in the Beghelli Sicuro24 SicuroWeb application, which embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. This issue, published on 2026-04-22, arises when these primitives are combined with a template injection flaw present in the same application, enabling attackers to bypass the AngularJS sandbox and execute arbitrary JavaScript code in operator browser sessions. The vulnerability is classified under CWE-1104 and carries a CVSS v3.1 base score of 8.7 (AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L).
Network-adjacent attackers can exploit CVE-2026-41468 by conducting man-in-the-middle (MITM) attacks on plaintext HTTP deployments of SicuroWeb, delivering the complete template injection and sandbox escape chain without active user interaction. Exploitation grants arbitrary JavaScript execution in the victim's browser, facilitating session hijacking, DOM manipulation, and persistent browser compromise.
Advisories and related resources, including those from VulnCheck and Boffsec Services, along with proof-of-concept exploits hosted on GitHub and the vendor's site at beghelli.it, provide technical details on the issue. Security practitioners should consult these for mitigation guidance, chiefly replacing the end-of-life AngularJS component and deploying HTTPS so that the MITM delivery path is closed.
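The two application-level mistakes this CVE depends on are easy to see side by side: a server-rendered page that HTML-escapes an untrusted value but still places it inside the subtree AngularJS compiles (so `{{ ... }}` markers are evaluated as expressions), versus the same page with the value marked `ng-non-bindable`, plus a transport policy that redirects plaintext requests and sets HSTS. The code below is an added example written for this page, not SicuroWeb's code or a vendor patch; the page layout, the `sicuro` ng-app name, the operator-name field and the request shape passed to `transportPolicy` are assumptions, and the sample operator name is constructed. The AngularJS-compilation check is a regex heuristic for flat markup, not a real compiler.

```javascript
// Added example (not from the advisory or the vendor). Shows the unsafe pattern
// beside the hardened one and a transport check, all as pure, testable functions.

// Standard HTML entity escaping. Note that it deliberately leaves '{' and '}'
// untouched: HTML escaping alone does NOT neutralise AngularJS interpolation.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (assumed page layout): the escaped value lands inside the
// ng-app subtree, so AngularJS 1.x still evaluates any {{ }} it contains.
function renderOperatorNameVulnerable(name) {
  return `<div ng-app="sicuro"><span class="operator">${escapeHtml(name)}</span></div>`;
}

// Hardened pattern: ng-non-bindable tells the AngularJS compiler to skip this
// element's contents entirely, so interpolation markers are shown as literal text.
// This is a stop-gap; the control the page ranks first (SA-22) is removing the
// end-of-life AngularJS 1.5.2 altogether.
function renderOperatorNameHardened(name) {
  return `<div ng-app="sicuro"><span class="operator" ng-non-bindable>${escapeHtml(name)}</span></div>`;
}

// Detection helper for logging or input validation during remediation: flags
// untrusted strings that carry interpolation markers before they reach a template.
function hasInterpolationMarkers(s) {
  return /\{\{[\s\S]*?\}\}/.test(String(s));
}

// Heuristic: would AngularJS interpolate anything in this rendered fragment?
// Removes ng-non-bindable subtrees (flat markup only), then looks for '{{'.
function wouldAngularInterpolate(html) {
  const withoutNonBindable = html.replace(
    /<(\w+)\b[^>]*\bng-non-bindable\b[^>]*>[\s\S]*?<\/\1>/g, ''
  );
  return /\{\{/.test(withoutNonBindable);
}

// Transport policy (SC-8): the CVE's delivery path is plaintext HTTP. A reverse
// proxy or middleware should redirect to HTTPS and send HSTS on secure responses.
// req is an assumed plain object: { protocol, host, url }.
function transportPolicy(req) {
  if (req.protocol !== 'https') {
    return { status: 301, headers: { Location: `https://${req.host}${req.url}` } };
  }
  return {
    status: 200,
    headers: { 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains' },
  };
}

// Constructed sample: an operator display name that happens to contain
// interpolation markers (benign text, used only to show the difference).
const SAMPLE_NAME = 'Rossi {{operator.role}}';
```

Running `wouldAngularInterpolate` over the two renderings of `SAMPLE_NAME` shows the point: the vulnerable rendering still hands `{{operator.role}}` to the AngularJS compiler despite the HTML escaping, while the hardened rendering does not; `transportPolicy` turns any `http` request into a redirect to the `https` origin.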
Details
- CWE(s)