GHSA-RHCG-3H8R-V6VP Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks
Description A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group membership...
EUVD-2026-10936
Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering...
GHSA-VRQC-59MW-QQG7 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering
Description An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler attributes such as onclick and onload, when used within...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management due to insufficient authorization enforcement when modifying user group memberships. An attacker can gain higher-level privileges by assigning highly privileged roles without proper validation of their own...
CVE-2026-31834
Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...
CVE-2026-31833
Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, an authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...
CVE-2026-31834 Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks
Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient...
CVE-2026-31833 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering
Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, an authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...
Path Traversal
Umbraco Forms is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths, where an authenticated backoffice user can enumerate and traverse paths/files on the system's filesystem and read their contents, particularly on Mac/Linux Umbraco installations using...
EUVD-2026-4966
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac...
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687
Umbraco.Forms (forms component for Umbraco CMS) is affected on Mac/Linux installations using Forms. The vulnerability allows an authenticated backoffice user to enumerate and traverse filesystem paths via the fileName parameter of the export endpoint (/umbraco/forms/api/v1/export), enabling read ...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection because authenticated backoffice users can modify requests to a particular API endpoint to include arbitrary SQL commands, which are then executed without proper sanitization or validation. An attacker can manipulate...
Umbraco Security Vulnerability
Umbraco is an open source content management system (CMS) written in C# by Umbraco, Denmark. A security vulnerability exists in Umbraco Workflow versions prior to 10.3.9, 12.2.6, and 13.0.6, which stems from an Umbraco Backoffice user being able to modify a request to a specific API endpoint...
PT-2024-24928 · Umbraco · Umbraco Workflow
Name of the Vulnerable Software and Affected Versions: Umbraco Workflow versions prior to 10.3.9; Umbraco Workflow versions prior to 12.2.6; Umbraco Workflow versions prior to 13.0.6. Description: The issue allows an Umbraco Backoffice user to modify requests to a particular API endpoint to include...
Backoffice User can bypass "Publish" restriction
Impact Backoffice users with send-for-approval permission but not publish permission are able to publish in some scenarios. Explanation of the vulnerability Backoffice users who lack permission to publish content, and may only send it for approval, can bypass the restriction by modifying the request...
PrestaShop Authorization Issues Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. An authorization issue vulnerability exists in PrestaShop blockreassurance versions prior to 5.1.4. The...