PT-2026-34540 · Google+1 · Angularjs+1
Jean-Marie Bourbon +1 · Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-41468
CVSS v3.1: 8.7 High
Vector: AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Beghelli Sicuro24 SicuroWeb (affected versions not specified)
Description
The software embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection within the application, these primitives allow attackers to escape the AngularJS sandbox and execute arbitrary JavaScript in operator browser sessions. This can lead to session hijacking, DOM manipulation, and persistent browser compromise. In plaintext HTTP deployments, network-adjacent attackers can deliver the injection and escape chain via a Man-in-the-Middle (MITM) attack without active user interaction.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Angularjs
Sicuro24 Sicuroweb