Vendor
A server-side request forgery (SSRF) vulnerability exists in `@angular/platform-server` due to improper processing of the request URL by the server-side rendering engine, allowing attackers to redirect relative HTTP requests to attacker-controlled servers, potentially exposing internal APIs or metadata services; patch CVE-2026-46417 immediately.