Umbraco Umbraco_forms

7 CVEs affecting Umbraco Umbraco_forms. Latest disclosed: 2026-01-29. Critical: 1, High: 1.

Top CVEs affecting Umbraco Umbraco_forms
CVESeverityScorePublishedSummary
CVE-2021-33224Critical9.82023-02-24File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
CVE-2025-68924High7.52026-01-16In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.
CVE-2026-24687Medium6.52026-01-29Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and…
CVE-2025-47280Medium6.12025-05-13Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2…
CVE-2025-23041Medium5.82025-01-14Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated on…
CVE-2020-7685Medium5.42020-07-28This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The pa…
CVE-2024-35239Low2.72024-05-28Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code i…