vulnerability
Ubuntu: USN-7958-1 (CVE-2023-26118): AngularJS vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Mar 30, 2023 | Jun 26, 2025 | Apr 16, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Mar 30, 2023
Added
Jun 26, 2025
Modified
Apr 16, 2026
Description
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Solutions
ubuntu-pro-upgrade-libjs-angularjsubuntu-upgrade-libjs-angularjs
References
- CVE-2023-26118
- https://attackerkb.com/topics/CVE-2023-26118
- CWE-1333
- EUVD-EUVD-2023-1086
- UBUNTU-USN-7958-1
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-1086
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
- https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
- https://www.cve.org/CVERecord?id=CVE-2023-26118
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.