Umbraco Umbraco-cms
33 CVEs affecting Umbraco Umbraco-cms. Latest disclosed: 2026-03-10. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-32017 | High | 8.8 | 2025-04-08 | Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that e… |
CVE-2023-49089 | High | 7.7 | 2023-12-12 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permi… |
CVE-2023-37267 | High | 7.5 | 2023-07-13 | Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was pat… |
CVE-2026-31834 | High | 7.2 | 2026-03-10 | Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain cond… |
CVE-2026-31833 | Medium | 6.7 | 2026-03-10 | Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into pro… |
CVE-2024-34071 | Medium | 6.1 | 2024-05-21 | Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it req… |
CVE-2025-48953 | Medium | 5.5 | 2025-06-03 | Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that… |
CVE-2026-31832 | Medium | 5.4 | 2026-03-10 | Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that… |
CVE-2024-43377 | Medium | 5.4 | 2024-08-20 | Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2. |
CVE-2023-49273 | Medium | 5.4 | 2023-12-12 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (… |
CVE-2025-54425 | Medium | 5.3 | 2025-07-30 | Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from… |
CVE-2025-49147 | Medium | 5.3 | 2025-06-24 | Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request… |
CVE-2025-46736 | Medium | 5.3 | 2025-05-06 | Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API re… |
CVE-2025-24011 | Medium | 5.3 | 2025-01-21 | Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determin… |
CVE-2023-49278 | Medium | 5.3 | 2023-12-12 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can b… |
CVE-2025-66625 | Medium | 4.9 | 2025-12-09 | Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an a… |
CVE-2025-27602 | Medium | 4.9 | 2025-03-11 | Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via mani… |
CVE-2025-24012 | Medium | 4.6 | 2025-01-21 | Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are a… |
CVE-2024-48927 | Medium | 4.6 | 2024-10-22 | Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to… |
CVE-2025-27601 | Medium | 4.3 | 2025-03-11 | Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package pri… |