343 matches found
CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...
CVE-2026-31832
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...
CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...
CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...
PT-2026-24487
Name of the Vulnerable Software and Affected Versions Umbraco versions 15.3.1 through 16.5.0 Umbraco version 17.2.2 Description Umbraco CMS contains a privilege escalation issue. Authenticated backoffice users with user management permissions may be able to gain elevated privileges due to...
PT-2026-24486
Name of the Vulnerable Software and Affected Versions Umbraco versions 16.2.0 through 16.5.0 Umbraco version 17.2.2 Description Umbraco is an ASP.NET CMS. An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. The issue stems from an...
PT-2026-24485
Name of the Vulnerable Software and Affected Versions Umbraco versions 14.0.0 through 16.5.0 Umbraco version 17.2.2 Description Umbraco, an ASP.NET CMS, contains a flaw in a backoffice API endpoint related to object-level authorization. Authenticated users can assign domain-related data to conten...
Path Traversal
Umbraco Forms is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of file paths, where an authenticated backoffice-user can enumerate and traverse paths/files on the system's filesystem and read their contents, particularly on Mac/Linux Umbraco installations using...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac
Impact It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud runs in a Windows environment, Cloud users aren't affected. Patches This issue affect...
EUVD-2026-4966
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac...
Directory Traversal
Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24687
Umbraco.Forms (forms component for Umbraco CMS) is affected on Mac/Linux installations using Forms. The vulnerability allows an authenticated backoffice user to enumerate and traverse filesystem paths via the fileName parameter of the export endpoint (/umbraco/forms/api/v1/export), enabling read ...
PT-2026-5347
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
Sensitive Information Disclosure
Umbraco.cms is vulnerable to Sensitive Information Disclosure. The vulnerability is due to unsafe handling and cleanup of temporary files during the dictionary upload process, which allows an attacker with backoffice access to infer the existence of arbitrary files on the server and, in some...