12 matches found
CVE-2026-27449
Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...
GHSA-86VQ-CCWF-RM62 Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
Description A vulnerability has been identified in Umbraco Engage where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the network without requiring a valid session or user credentials. By supplying ...
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
Description A vulnerability has been identified in Umbraco Engage where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the network without requiring a valid session or user credentials. By supplying ...
EUVD-2026-8896
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints...
Improper Following of a Certificate's Chain of Trust
Overview Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust in the exposed API endpoints that do not enforce authentication or authorization checks. An attacker can access and retrieve sensitive data associated with arbitrary records by direct...
CVE-2026-27449
Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...
CVE-2026-27449 Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...
CVE-2026-27449 Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...
CVE-2026-27449
Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the...
CVE-2026-27449
Umbraco Engage (before versions 16.2.1 and 17.1.1) exposes certain API endpoints that do not enforce authentication or authorization. An unauthenticated user can query these endpoints directly (for example via an id parameter like ?id=) to enumerate and retrieve sensitive Engage data associated w...
Umbraco Engage 安全漏洞
Umbraco Engage is an extension to the digital experience platform developed by the Danish company Umbraco. Versions of Umbraco Engage prior to 16.2.1 and 17.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication or authorization checks for certain AP...
PT-2026-22200
Name of the Vulnerable Software and Affected Versions Umbraco Engage versions prior to 16.2.1 Umbraco Engage versions prior to 17.1.1 Description Umbraco Engage is a business intelligence platform. A security issue exists in Umbraco Engage where certain API endpoints lack proper authentication or...