Browse all 47 CVE security advisories affecting Umbraco. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Umbraco is an open-source .NET content management system designed for building and managing digital experiences. Its architecture relies heavily on ASP.NET, making it a frequent target for web application attacks. Historically, the platform has been vulnerable to critical flaws, including Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from insufficient input validation or insecure default configurations. Privilege escalation vulnerabilities have also been documented, allowing attackers to gain administrative access through manipulated requests. While the core framework is robust, many security incidents involve third-party packages or custom implementations that fail to adhere to secure coding standards. Recent advisories highlight the importance of keeping the CMS and its extensions updated to mitigate known risks. The high number of recorded CVEs underscores the necessity for rigorous patch management and security auditing in Umbraco deployments to prevent exploitation of these persistent weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24687 | Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac — Umbraco.Forms.Issues, CWE-22 | 4.9 (AI) | Medium (AI) | 2026-01-29 |
| CVE-2025-47280 | Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow — Umbraco.Forms.Issues, CWE-116 | 4.7 (AI) | Medium (AI) | 2025-05-13 |
| CVE-2025-23041 | Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms — Umbraco.Forms.Issues, CWE-20 | 5.8 | Medium | 2025-01-14 |
| CVE-2024-35239 | Stored Cross-site Scripting on Components of Umbraco Forms — Umbraco.Forms.Issues, CWE-79 | 2.7 | Low | 2024-05-28 |
This page lists every published CVE security advisory associated with Umbraco. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.