Critical RCE Flaws Found in Angular Language Service Extension — Update to 21.2.4 Now
Multiple high-severity vulnerabilities have been discovered in the Angular Language Service VS Code extension (Angular.ng-template), exposing developers to remote code execution (RCE) through malicious project files and dependencies.
The issues, tracked as GitHub advisory GHSA-ccq4-xmxr-8hcq, affect all versions before 21.2.4 and are fixed in the latest release. Developers who clone repositories, open workspaces, or install third-party packages are particularly at risk.
Angular Language Service Extension Flaws
The vulnerabilities arise from two primary weaknesses: unsafe rendering of JSDoc content and insecure handling of the TypeScript SDK (tsdk) path in workspace settings. Both allow attackers to execute arbitrary commands on a developer’s machine, and both bypass VS Code’s Workspace Trust protections in practice.
The extension uses a Markdown renderer configured with a trusted mode that allows command URIs in rendered tooltips. The Angular Language Server, however, does not adequately sanitize JSDoc content before rendering. An attacker can embed a malicious link in JSDoc comments inside TypeScript or JavaScript files.
When a developer hovers over a symbol and clicks the rendered tooltip link, the link’s command URI executes on the host system. This attack requires minimal interaction but can trigger powerful actions because the renderer treats the content as trusted.
The more dangerous flaw involves reading tsdk-related paths directly from .vscode/settings.json without validating workspace trust or requesting user consent. Those paths are passed to the background Node.js language server, which dynamically loads a tsserverlibrary.js file found at the specified location.
An attacker who commits a malicious tsserverlibrary.js into a repository and points workspace settings to it can achieve silent code execution when the workspace opens. Because the language server loads the file automatically, no click or explicit approval is needed for compromise.
Combined, these flaws allow full compromise of the developer environment. The tsdk-based vector runs silently during workspace initialization, while the JSDoc-based vector requires only a hover-and-click.
Both effectively neutralize the intended protections of VS Code’s Workspace Trust model, turning routine developer actions (code review, cloning, dependency installation) into potential attack surfaces.
The issues map to multiple Common Weakness Enumerations: CWE-79 (cross-site scripting / unsafe rendering), CWE-94 (code injection), CWE-427 (uncontrolled search path), and CWE-494 (unsafe code download/execution).
CVSS v4 scoring rates the problems as high severity, citing network-based vectors, low attack complexity, and no required privileges.
Mitigation
- Update the Angular Language Service to version 21.2.4 or later immediately.
- Inspect settings: Review .vscode/settings.json files for unexpected tsdk paths before opening repositories.
- Avoid untrusted repos: Do not open workspaces from untrusted sources without scanning and verification.
- Enforce workspace trust: Enable and strictly enforce VS Code Workspace Trust policies.
- Restrict dynamic loads: Consider policies preventing automatic loading of language-server files from workspace-controlled paths.
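The "Inspect settings" step can be scripted and run against a fresh clone before it is opened in the editor. The following is an added example, not code from the Angular project or the advisory: it finds every .vscode/settings.json in a checkout, parses it as JSON with comments, and reports where each tsdk setting points. Matching any top-level key that contains "tsdk" is an assumption made here because the article does not list the exact keys, and the sample repository in `demo()` is constructed.

```python
import json
import re
import tempfile
from pathlib import Path

# A JSON string or a comment; strings are matched first so "//" inside a value survives.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def load_jsonc(text):
    """Parse VS Code's JSON-with-comments (comments and trailing commas allowed)."""
    bare = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", bare))

def audit_workspace(root):
    """List each tsdk-like setting under root and where its path points."""
    root = Path(root).resolve()
    findings = []
    for settings in root.rglob("settings.json"):
        if settings.parent.name != ".vscode":
            continue
        rel = settings.relative_to(root).as_posix()
        try:
            items = load_jsonc(settings.read_text(encoding="utf-8")).items()
        except (ValueError, OSError, AttributeError):
            findings.append({"file": rel, "key": None, "note": "unparseable, review by hand"})
            continue
        for key, value in items:
            # Heuristic (assumption): any top-level key containing "tsdk" is reported.
            if "tsdk" in key.lower() and isinstance(value, str):
                target = (settings.parent.parent / value).resolve()  # relative to workspace folder
                findings.append({
                    "file": rel, "key": key, "value": value,
                    "inside_workspace": target.is_relative_to(root),
                    "library_present": (target / "tsserverlibrary.js").is_file(),
                })
    return findings

def demo():
    """Constructed sample repo: settings point tsdk at a folder committed to the repo."""
    with tempfile.TemporaryDirectory() as tmp:
        for sub in (".vscode", "tools/ts"):
            Path(tmp, sub).mkdir(parents=True)
        Path(tmp, "tools/ts/tsserverlibrary.js").write_text("// placeholder\n")
        Path(tmp, ".vscode/settings.json").write_text(
            '{\n  // editor setup\n  "typescript.tsdk": "./tools/ts",\n}\n')
        return audit_workspace(tmp)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a clone where dependencies have not been installed yet, `library_present` being true means a tsserverlibrary.js is committed at the location the setting names, which is the combination described above and worth reviewing before the folder is opened.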