2 matches found
CVE-2026-31832
creationtimestamp| type| source ---|---|--- 2026-03-11 06:10:06+00:00| seen| https://gist.github.com/alon710/98fcddc0acbf6f779dedf7380ef30e3a...
CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...