HIGH
Angular
CVE published 2026-06-22
CVE-2026-49241
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads custom TypeScript SDK paths directly from workspace configurations without verifying VS Code Workspace Trust state or asking for user consent. An attacker can exploit this behavior by committing a repository containing a [truncated]