NuGet CVE Archive

Umbraco.Cms CVE Vulnerabilities

All known CVEs affecting Umbraco.Cms. Kodem’s runtime-powered SCA reveals which are actually reachable in your application.

Known vulnerabilities

| CVE | Summary | Severity |
| --- | --- | --- |
| CVE-2026-46609 | Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog | Medium |
| CVE-2026-46616 | Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers | Medium |
| CVE-2026-31834 | Umbraco Affected by Vertical Privilege Escalation via Missing Authorization… | High |
| CVE-2026-31833 | Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify… | Medium |
| CVE-2026-31832 | Umbraco Backoffice API Allows Unauthorized Modification of Domain Data | Medium |
| CVE-2025-67288 | Umbraco CMS has an arbitrary file upload vulnerability | Medium |
| CVE-2025-66625 | Umbraco Vulnerable to Improper File Access and Credential Exposure in… | Medium |
| CVE-2025-49147 | Umbraco CMS disclosure of configured password requirements | Medium |
| CVE-2025-48953 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads | Medium |
| CVE-2025-46736 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response | Medium |
| CVE-2025-32017 | Umbraco has a Management API Vulnerability to Path Traversal With Authenticated… | High |
| CVE-2024-10761 | XSS/HTML Injection Vulnerability in Umbraco Preview Badge | Medium |
| CVE-2025-24011 | Umbraco Allows User Enumeration Feasible Based On Management API Timing and… | Medium |
| CVE-2024-48929 | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out | Medium |
| CVE-2024-48927 | Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full… | Medium |
| CVE-2024-48926 | Umbraco CMS logout page displayed before session expiration | Medium |
| CVE-2024-43377 | Umbraco CMS Improper Access Control vulnerability | Medium |
| CVE-2023-49273 | Privilege Escalation using Spoofing | Medium |
| CVE-2023-48313 | DOM-XSS on Backoffice login screen. | Medium |
| CVE-2015-8813 | Umbraco CMS vulnerable to CSRF | High |
| CVE-2015-8814 | Umbraco CMS vulnerable to CSRF | High |

Prioritize Umbraco.Cms vulnerabilities

Kodem Kai can identify which of these CVEs are reachable in your dependency tree and generate targeted fix recommendations.
