Umbraco Umbraco_cms
57 CVEs affecting Umbraco Umbraco_cms. Latest disclosed: 2026-06-10. Critical: 4, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-67288 | Critical | 10.0 | 2025-12-22 | An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is dispute… |
| CVE-2012-10054 | Critical | 9.8 | 2025-08-13 | Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRS… |
| CVE-2014-10074 | Critical | 9.8 | 2018-08-27 | Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .p… |
| CVE-2012-1301 | Critical | 9.8 | 2017-04-13 | The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. |
| CVE-2025-32017 | High | 8.8 | 2025-04-08 | Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that e… |
| CVE-2020-9471 | High | 8.8 | 2020-03-16 | Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. |
| CVE-2022-22690 | High | 8.6 | 2022-01-18 | Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL… |
| CVE-2023-49089 | High | 7.7 | 2023-12-12 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permi… |
| CVE-2023-37267 | High | 7.5 | 2023-07-13 | Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was pat… |
| CVE-2026-31834 | High | 7.2 | 2026-03-10 | Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain cond… |
| CVE-2019-25137 | High | 7.2 | 2023-05-18 | Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/… |
| CVE-2022-22691 | Medium | 6.8 | 2022-01-18 | The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be po… |
| CVE-2026-31833 | Medium | 6.7 | 2026-03-10 | Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, an authenticated backoffice user with access to Settings can inject malicious HTML into pro… |
| CVE-2024-55488 | Medium | 6.5 | 2025-01-22 | A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE… |
| CVE-2020-5811 | Medium | 6.5 | 2020-12-30 | An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files bein… |
| CVE-2020-9472 | Medium | 6.5 | 2020-03-16 | Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. |
| CVE-2024-34071 | Medium | 6.1 | 2024-05-21 | Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it req… |
| CVE-2021-34254 | Medium | 6.1 | 2021-06-28 | Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient URL sanitization on booting.aspx. |
| CVE-2025-48953 | Medium | 5.5 | 2025-06-03 | Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that… |
| CVE-2017-15280 | Medium | 5.5 | 2017-10-12 | XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending… |