CVE-2021-47776
published 2026-01-15CVE-2021-47776: Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help…
PriorityP429medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.34%
26.1th percentile
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco | — | — |
| umbraco | umbraco_cms | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Umbraco CMS contains a server-side request forgery vulnerability
ghsa·2026-01-15
CVE-2021-47776 [MEDIUM] CWE-918 Umbraco CMS contains a server-side request forgery vulnerability
Umbraco CMS contains a server-side request forgery vulnerability
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.
OSV
Umbraco CMS contains a server-side request forgery vulnerability
osv·2026-01-15
CVE-2021-47776 [MEDIUM] Umbraco CMS contains a server-side request forgery vulnerability
Umbraco CMS contains a server-side request forgery vulnerability
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.
No detection rules found.
No public exploits indexed.
2026-01-15
Published