Umbraco — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting Umbraco. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-31834 | Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks | Umbraco-CMS | CWE-269 | 7.2 | High | 2026-03-10 |
| CVE-2026-31833 | Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering | Umbraco-CMS | CWE-79 | 6.7 | Medium | 2026-03-10 |
| CVE-2026-31832 | Umbraco Backoffice API Allows Unauthorized Modification of Domain Data | Umbraco-CMS | CWE-639 | 5.4 | Medium | 2026-03-10 |
| CVE-2026-27449 | Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints | Umbraco.Engage.Forms | CWE-284 | 7.5 | High | 2026-02-26 |
| CVE-2026-24687 | Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac | Umbraco.Forms.Issues | CWE-22 | 4.9 (AI) | Medium (AI) | 2026-01-29 |
| CVE-2025-68924 | Umbraco Forms security vulnerability | Forms | CWE-829 | 7.5 | High | 2026-01-16 |
| CVE-2021-47776 | Umbraco v8.14.1 - 'baseUrl' SSRF | Umbraco | CWE-918 | 5.3 | Medium | 2026-01-15 |
| CVE-2025-66625 | Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality | Umbraco-CMS | CWE-200 | 4.9 | Medium | 2025-12-09 |
| CVE-2012-10054 | Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE | CMS | CWE-434 | 9.8 (AI) | Critical (AI) | 2025-08-13 |
| CVE-2025-54425 | Umbraco's Delivery API allows for cached requests to be returned with an invalid API key | Umbraco-CMS | CWE-200 | 5.3 | Medium | 2025-07-30 |
| CVE-2025-49147 | Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements | Umbraco-CMS | CWE-497 | 5.3 | Medium | 2025-06-24 |
| CVE-2025-48953 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads | Umbraco-CMS | CWE-434 | 5.5 | Medium | 2025-06-03 |
| CVE-2025-47280 | Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow | Umbraco.Forms.Issues | CWE-116 | 4.7 (AI) | Medium (AI) | 2025-05-13 |
| CVE-2025-46736 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response | Umbraco-CMS | CWE-204 | 5.3 | Medium | 2025-05-06 |
| CVE-2025-32017 | Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users | Umbraco-CMS | CWE-23 | 8.8 | High | 2025-04-08 |
| CVE-2025-27602 | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content | Umbraco-CMS | CWE-285 | 4.9 | Medium | 2025-03-11 |
| CVE-2025-27601 | Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality | Umbraco-CMS | CWE-285 | 4.3 | Medium | 2025-03-11 |
| CVE-2025-24012 | Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability | Umbraco-CMS | CWE-79 | 4.6 | Medium | 2025-01-21 |
| CVE-2025-24011 | Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes | Umbraco-CMS | CWE-200 | 5.3 | Medium | 2025-01-21 |
| CVE-2025-23041 | Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms | Umbraco.Forms.Issues | CWE-20 | 5.8 | Medium | 2025-01-14 |
| CVE-2024-10761 | Umbraco CMS Dashboard frame cross site scripting | CMS | CWE-79 | 4.3 | Medium | 2024-11-04 |
| CVE-2024-48929 | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out | Umbraco-CMS | CWE-384 | 4.2 | Medium | 2024-10-22 |
| CVE-2024-48927 | Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice | Umbraco-CMS | CWE-74 | 4.6 | Medium | 2024-10-22 |
| CVE-2024-48926 | Umbraco CMS logout page displayed before session expiration | Umbraco-CMS | CWE-613 | 4.2 | Medium | 2024-10-22 |
| CVE-2024-48925 | Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API | Umbraco-CMS | CWE-284 | - | - | 2024-10-22 |
| CVE-2024-47819 | Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section | Umbraco-CMS | CWE-79 | 4.2 | Medium | 2024-10-22 |
| CVE-2024-43377 | Umbraco CMS Improper Access Control vulnerability | Umbraco-CMS | CWE-284 | 5.4 | Medium | 2024-08-20 |
| CVE-2024-43376 | Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information | Umbraco-CMS | CWE-209 | 4.3 | Medium | 2024-08-20 |
| CVE-2024-35240 | Stored Cross-site Scripting on Print Functionality in Umbraco Commerce | Umbraco.Commerce.Issues | CWE-79 | 5.4 | Medium | 2024-05-28 |
| CVE-2024-35239 | Stored Cross-site Scripting on Components of Umbraco Forms | Umbraco.Forms.Issues | CWE-79 | 2.7 | Low | 2024-05-28 |

This page lists every published CVE security advisory associated with Umbraco. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.