Browse all 47 CVE security advisories affecting Umbraco. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Umbraco is an open-source .NET content management system designed for building and managing digital experiences. Its architecture relies heavily on ASP.NET, making it a frequent target for web application attacks. Historically, the platform has been vulnerable to critical flaws, including Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from insufficient input validation or insecure default configurations. Privilege escalation vulnerabilities have also been documented, allowing attackers to gain administrative access through manipulated requests. While the core framework is robust, many security incidents involve third-party packages or custom implementations that fail to adhere to secure coding standards. Recent advisories highlight the importance of keeping the CMS and its extensions updated to mitigate known risks. The high number of recorded CVEs underscores the necessity for rigorous patch management and security auditing in Umbraco deployments to prevent exploitation of these persistent weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68924 | Umbraco Forms 安全漏洞 — FormsCWE-829 | 7.5 | High | 2026-01-16 |
This page lists every published CVE security advisory associated with Umbraco. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.