CVE-2024-48926— Umbraco CMS logout page displayed before session expiration
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-48926
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Umbraco CMS logout page displayed before session expiration
Source: NVD (National Vulnerability Database)
Vulnerability Description
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的会话过期机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Umbraco CMS 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Umbraco CMS是丹麦Umbraco公司的一个内容管理系统。 Umbraco CMS存在代码问题漏洞,该漏洞源于存在会话过期不足的问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| umbraco | Umbraco-CMS | >= 13.0.0, < 13.5.2 | - |
II. Public POCs for CVE-2024-48926
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-48926
请登录查看更多情报信息。
Same Patch Batch · umbraco · 2024-10-22 · 5 CVEs total
| CVE-2024-48927 | 4.6 MEDIUM | Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice |
| CVE-2024-48929 | 4.2 MEDIUM | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out |
| CVE-2024-47819 | 4.2 MEDIUM | Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictiona |
| CVE-2024-48925 | Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Web |
IV. Related Vulnerabilities
Same product: Umbraco-CMS
- CVE-2026-31834
Umbraco Affected by Vertical Privilege Escalation via Missin - CVE-2026-31833
Umbraco has Stored XSS in UFM Rendering Pipeline via Permiss - CVE-2026-31832
Umbraco Backoffice API Allows Unauthorized Modification of D - CVE-2025-66625
Umbraco Vulnerable to Improper File Access and Credential Ex - CVE-2025-54425
Umbraco's Delivery API allows for cached requests to be retu
Same vendor: umbraco
- CVE-2026-31834
Umbraco Affected by Vertical Privilege Escalation via Missin - CVE-2026-31833
Umbraco has Stored XSS in UFM Rendering Pipeline via Permiss - CVE-2026-31832
Umbraco Backoffice API Allows Unauthorized Modification of D - CVE-2026-27449
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple - CVE-2026-24687
Umbraco.Forms has path traversal and file enumeration vulner
Same weakness: CWE-613
- CVE-2026-41902
FreeScout's user invitation hash never expires: permanent un - CVE-2026-41519
Weblate's API Token Not Invalidated on Password Change - CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-40934
jupyter-server authentication cookies remain valid after pas - CVE-2026-42421
OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shar
V. Comments for CVE-2024-48926
No comments yet