cbcvebase.

Umbraco Umbraco-Cms vulnerabilities

34 known vulnerabilities affecting umbraco/umbraco-cms.

Total CVEs
34
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM29LOW1

Vulnerabilities

Page 1 of 2
CVE-2025-32017P3HIGHCVSS 8.8v>= 14.0.0--preview004, < 14.3.4v>= 15.0.0-rc1, < 15.3.12025-04-08
CVE-2025-32017 [HIGH] CWE-23 CVE-2025-32017: Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.
nvd
CVE-2023-37267P3CRITICALCVSS 9.8v>= 9.0.0, < 10.6.1v>= 11.0.0, < 11.4.2+1 more2023-07-13
CVE-2023-37267 [CRITICAL] CWE-284 CVE-2023-37267: Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users ac Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
nvd
CVE-2026-31834P3HIGHCVSS 7.2v>= 15.3.1, < 16.5.1v>= 17.0.0, < 17.2.12026-03-10
CVE-2026-31834 [HIGH] CWE-269 CVE-2026-31834: Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerabi Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group membership
nvd
CVE-2024-47819P3HIGHCVSS 8.7v>= 14.0.0, < 14.3.12024-10-22
CVE-2024-47819 [HIGH] CWE-79 CVE-2024-47819: Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerabi Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant the
nvd
CVE-2026-31833P3MEDIUMCVSS 6.7v>= 16.2.0, < 16.5.1v>= 17.0.0, < 17.2.12026-03-10
CVE-2026-31833 [MEDIUM] CWE-79 CVE-2026-31833: Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration (/.+/) in the UFM DOMPurify instance, event handler attributes such as onclick and onload, when used within
nvd
CVE-2024-48925P3MEDIUMCVSS 6.5v>= 14.0.0, < 14.3.02024-10-22
CVE-2024-48925 [MEDIUM] CWE-284 CVE-2024-48925: Umbraco, a free and open source .NET content management system, has an improper access control issue Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch.
nvd
CVE-2025-27602P3MEDIUMCVSS 6.4fixed in 10.8.9v>= 11.0.0-rc1, < 13.7.12025-03-11
CVE-2025-27602 [MEDIUM] CWE-285 CVE-2025-27602: Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backo Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is pa
nvd
CVE-2023-49089P3MEDIUMCVSS 6.5v>= 8.0.0, < 8.18.10v>= 9.0.0-rc001, < 10.8.1+1 more2023-12-12
CVE-2023-49089 [MEDIUM] CWE-22 CVE-2023-49089: Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versio Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.
nvd
CVE-2025-48953P3MEDIUMCVSS 6.5v>= 14.0.0, < 15.4.22025-06-03
CVE-2025-48953 [MEDIUM] CWE-434 CVE-2025-48953: Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versi Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0.0. No known workarounds are available.
nvd
CVE-2025-66625P4MEDIUMCVSS 4.9v10.0.0, < 13.12.12025-12-09
CVE-2025-66625 [MEDIUM] CWE-200 CVE-2025-66625: Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses (HTTP 500 when a file exists, 404 when it does not) allow the
nvd
CVE-2026-31832P4MEDIUMCVSS 5.4v>= 14.0.0, < 16.5.1v>= 17.0.0, < 17.2.02026-03-10
CVE-2026-31832 [MEDIUM] CWE-639 CVE-2026-31832: Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorizat Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by insufficient authorization enforcement on the affected API
nvd
CVE-2025-54425P4MEDIUMCVSS 5.3v>= 13.0.0, < 13.9.3v>= 15.0.0, < 15.4.4+1 more2025-07-30
CVE-2025-54425 [MEDIUM] CWE-200 CVE-2025-54425: Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 throu Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a pe
nvd
CVE-2025-24011P4MEDIUMCVSS 5.3v>= 14.0.0, < 14.3.2v>= 15.0.0, < 15.1.22025-01-21
CVE-2025-24011 [MEDIUM] CWE-200 CVE-2025-24011: Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and pri Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and 15.1.2 contain a patch. No known workarounds are availabl
nvd
CVE-2025-49147P4MEDIUMCVSS 5.3v>= 10.0.0, < 10.8.111v>= 13.0.0, < 13.9.22025-06-24
CVE-2025-49147 [MEDIUM] CWE-497 CVE-2025-49147: Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0 Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some add
nvd
CVE-2023-49273P4MEDIUMCVSS 5.4v>= 8.0.0, < 8.18.10v>= 9.0.0-rc001, < 10.8.1+1 more2023-12-12
CVE-2023-49273 [MEDIUM] CWE-863 CVE-2023-49273: Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versio Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
nvd
CVE-2024-34071P4MEDIUMCVSS 6.1v>= 8.18.5, < 8.18.14v>= 10.5.0, < 10.8.6+2 more2024-05-21
CVE-2024-34071 [MEDIUM] CWE-601 CVE-2024-34071: Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulner Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.
nvd
CVE-2026-46616P4MEDIUMCVSS 6.1fixed in 13.14.0v>= 17.3.0-rc, < 17.4.02026-06-10
CVE-2026-46616 [MEDIUM] CWE-601 CVE-2026-46616: Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. This issue has been patched in version
nvd
CVE-2023-49278P4MEDIUMCVSS 5.3v>= 8.0.0, < 8.18.10v>= 9.0.0-rc001, < 10.8.1+1 more2023-12-12
CVE-2023-49278 [MEDIUM] CWE-200 CVE-2023-49278: Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versio Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
nvd
CVE-2023-49274P4MEDIUMCVSS 5.3v>= 8.0.0, < 8.18.10v>= 9.0.0-rc001, < 10.8.1+1 more2023-12-12
CVE-2023-49274 [MEDIUM] CWE-200 CVE-2023-49274: Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versio Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
nvd
CVE-2024-28868P4MEDIUMCVSS 5.3v>= 10.0.0, < 10.8.52024-03-20
CVE-2024-28868 [MEDIUM] CWE-204 CVE-2024-28868: Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the nativ Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.
nvd
Umbraco Umbraco-Cms vulnerabilities | cvebase