72 matches found
Path Traversal
Umbraco Forms is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths, where an authenticated backoffice-user can enumerate and traverse paths/files on the system's filesystem and read their contents, particularly on Mac/Linux Umbraco installations using...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
EUVD-2026-4966
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac...
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac
Impact It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud runs in a Windows environment, Cloud users aren't affected. Patches This issue affect...
GHSA-HM5P-82G6-M3XH Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac
Impact It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud runs in a Windows environment, Cloud users aren't affected. Patches This issue affect...
Directory Traversal
Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687
Umbraco.Forms (forms component for Umbraco CMS) is affected on Mac/Linux installations using Forms. The vulnerability allows an authenticated backoffice user to enumerate and traverse filesystem paths via the fileName parameter of the export endpoint (/umbraco/forms/api/v1/export), enabling read ...
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
PT-2026-5347
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
Umbraco Forms path traversal vulnerability
Umbraco Forms is a form-building tool developed by the Umbraco company. Versions 16 and 17 of Umbraco Forms contain a path traversal vulnerability. This vulnerability allows authenticated backend users to enumerate and traverse system file paths, potentially leading to the reading of file content...
GHSA-7JXJ-RPX7-PH2C Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp
Impact Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...
EUVD-2026-4132
Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp...
Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp
Impact Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...
CVE-2025-68924
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...
CVE-2025-68924
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...
Umbraco Forms security vulnerabilities
Umbraco Forms is a form-building tool developed by the Umbraco company. Umbraco Forms versions 8.13.16 and earlier contained security vulnerabilities. These vulnerabilities stemmed from authenticated attackers being able to provide malicious WSDL URLs as data sources, potentially leading to remot...