CVE-2026-27449
Umbraco Engage (before versions 16.2.1 and 17.1.1) exposes certain API endpoints that do not enforce authentication or authorization. An unauthenticated user can query these endpoints directly (for example via an id parameter like ?id=) to enumerate and retrieve sensitive Engage data associated w...