Umbraco Umbraco_forms
7 CVEs affecting Umbraco Umbraco_forms. Latest disclosed: 2026-01-29. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-33224 | Critical | 9.8 | 2023-02-24 | File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. |
CVE-2025-68924 | High | 7.5 | 2026-01-16 | In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution. |
CVE-2026-24687 | Medium | 6.5 | 2026-01-29 | Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and… |
CVE-2025-47280 | Medium | 6.1 | 2025-05-13 | Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2… |
CVE-2025-23041 | Medium | 5.8 | 2025-01-14 | Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated on… |
CVE-2020-7685 | Medium | 5.4 | 2020-07-28 | This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The pa… |
CVE-2024-35239 | Low | 2.7 | 2024-05-28 | Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code i… |