What is CVE-2026-31834?

CVE-2026-31834 is a high-severity vulnerability in Umbraco Umbraco-cms, classified under Improper Privilege Management. CVSS score: 7.2/10. Published 2026-03-10.

How severe is CVE-2026-31834?

High severity. CVSS v3 base score is 7.2 out of 10.

Auth bypass in Umbraco Umbraco-cms

CVE-2026-31834

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be a…

Vulnerability class: Privilege Escalation

EPSS: 0.001 (18.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Umbraco Umbraco-cms — versions >= 15.3.1, < 16.5.1, >= 17.0.0, < 17.2.1

Weakness classification (CWE)

References

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-rhcg-3h8r-v6vp (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-31834?: CVE-2026-31834 is a high-severity vulnerability in Umbraco Umbraco-cms, classified under Improper Privilege Management. CVSS score: 7.2/10. Published 2026-03-10.
How severe is CVE-2026-31834?: High severity. CVSS v3 base score is 7.2 out of 10.