Known Vulnerabilities for Umbraco-CMS by Umbraco
Listed below are 5 of the newest known vulnerabilities associated with "Umbraco-CMS" by "Umbraco".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46616 json | Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to suppor... | Not Provided | 2026-06-10 | 2026-06-10 |
| CVE-2026-46609 json | Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an ... | Not Provided | 2026-06-10 | 2026-06-10 |
| CVE-2025-67288 json | An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a craft... | Not Provided | 2025-12-22 | 2026-07-08 |
| CVE-2024-55488 json | A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or... | Not Provided | 2025-01-22 | 2026-07-05 |
| CVE-2021-33224 json | File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted w... | Not Provided | 2023-02-24 | 2026-07-09 |