What is CVE-2026-46609?

CVE-2026-46609 is a medium-severity vulnerability, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2026-06-10.

How severe is CVE-2026-46609?

Medium severity. CVSS v3 base score is 4.6 out of 10.

CVE-2026-46609

CVE-2026-46609

Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patc…

Vulnerability class: XSS (Cross-Site Scripting)

CVSS v3 metric

CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security-advisories@github.com

Frequently asked questions

What is CVE-2026-46609?: CVE-2026-46609 is a medium-severity vulnerability, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2026-06-10.
How severe is CVE-2026-46609?: Medium severity. CVSS v3 base score is 4.6 out of 10.