EUVD
added 2026/03/11 2:54 p.m., 2 views

EUVD-2026-10937

Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks...

CVSS 7.2 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 2
ATTACKERKB
added 2026/03/10 9:53 p.m., 0 views

CVE-2026-31834

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...

CVSS 7.2 | AI score 5.7 | EPSS 0.00057
Exploits 0 | References 2 | Affected software 1
Vulnrichment
added 2026/03/10 9:53 p.m., 1 view

CVE-2026-31834 Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...

CVSS 7.2 | AI score 5.7 | EPSS 0.00057
Exploits 0 | References 1
OSV
added 2026/03/10 9:53 p.m., 0 views

CVE-2026-31834 Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...

CVSS 7.2 | AI score 5.7 | EPSS 0.00057
Exploits 0 | References 3
CVE
added 2026/03/10 9:51 p.m., 4 views

CVE-2026-31833

Summary: CVE-2026-31833 affects Umbraco (ASP.NET CMS). From 16.2.0 up to but not including 16.5.1 and 17.2.2, an authenticated backoffice user with Settings access can inject malicious HTML into property type descriptions due to an overly permissive attributeNameCheck in the UFM DOMPurify instan...

CVSS 6.7 | AI score 5.8 | EPSS 0.00066
Exploits 0 | References 1 | Affected software 1
OSV
added 2026/03/10 9:51 p.m., 0 views

CVE-2026-31833 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, an authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...

CVSS 6.7 | AI score 5.8 | EPSS 0.00066
Exploits 0 | References 3
Positive Technologies
added 2026/03/10 12:00 a.m., 2 views

PT-2026-24487

Name of the vulnerable software and affected versions: Umbraco versions 15.3.1 through 16.5.0; Umbraco version 17.2.2. Description: Umbraco CMS contains a privilege escalation issue. Authenticated backoffice users with user management permissions may be able to gain elevated privileges due to...

CVSS 7.2 | AI score 5.7 | EPSS 0.00057
Exploits 0 | References 4
Snyk
added 2026/01/29 8:51 p.m., 4 views

Directory Traversal

Overview: Umbraco.Forms is a form creator that's as easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...

CVSS 6.5 | AI score 6.3 | EPSS 0.00025
Exploits 0 | References 2
RedhatCVE
added 2026/01/09 8:59 a.m., 2 views

CVE-2023-49089

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0...

CVSS 7.7 | AI score 6.8 | EPSS 0.00122
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-3077

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.8 | EPSS 0.00114
Exploits 0 | References 3
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-2947

Malicious code in bioql PyPI...

CVSS 4.6 | AI score 6.4 | EPSS 0.02013
Exploits 0 | References 3
CVE
added 2025/03/11 3:32 p.m., 104 views

CVE-2025-27602

CVE-2025-27602 affects Umbraco CMS backoffice functionality. Authentication against the backoffice API could allow a user with Editor permissions to access or delete content and media in folders they should not reach, via manipulation of API URLs. The issue is described as a permissions/authentic...

CVSS 6.4 | AI score 5 | EPSS 0.00195
Exploits 0 | References 3 | Affected software 1
Veracode
added 2024/11/05 6:49 a.m., 7 views

Remote Code Execution (RCE)

Umbraco is vulnerable to remote code execution. The vulnerability is due to improper handling of SVG files, where script tags within these files are not properly validated or stripped, allowing potential code execution when previewed by Backoffice users in full-screen mode...

CVSS 4.6 | AI score 7.8 | EPSS 0.02013
Exploits 0 | References 4 | Affected software 2
NVD
added 2024/10/22 4:15 p.m., 9 views

CVE-2024-48927

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...

CVSS 4.6 | EPSS 0.02013
Exploits 0 | References 1
OSV
added 2024/10/22 3:50 p.m., 7 views

CVE-2024-48927 Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...

CVSS 4.6 | AI score 7.8 | EPSS 0.02013
Exploits 0 | References 3
Github Security Blog
added 2024/04/24 5:04 p.m., 19 views

Umbraco Workflow's Backoffice users can execute arbitrary SQL

Impact: Backoffice users can execute arbitrary SQL. Explanation of the vulnerability: A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions: All versions. Patches: Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...

CVSS 5.5 | AI score 8.1 | EPSS 0.00066
Exploits 0 | References 3 | Affected software 2
Vulnrichment
added 2024/04/24 2:46 p.m., 12 views

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS 5.5 | AI score 7 | EPSS 0.00066
Exploits 0 | References 1
OSV
added 2024/04/24 2:46 p.m., 2 views

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS 5.5 | AI score 6.9
Exploits 0 | References 1
Cvelist
added 2024/04/24 2:46 p.m., 14 views

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS 5.5 | AI score 5.6 | EPSS 0.00066
Exploits 0 | References 1
NVD
added 2023/12/12 7:15 p.m., 15 views

CVE-2023-49089

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0...

CVSS 7.7 | EPSS 0.00122
Exploits 0 | References 1