CNNVD-202601-4867 Information
Jan 29, 2026
cve
CNNVD ID
CNNVD-202601-4867
Related CVE
- CNNVD Published: 2026-01-29
Description (Chinese)
Umbraco Forms是Umbraco公司的一款表单构建工具。 Umbraco Forms 16版本和17版本存在路径遍历漏洞,该漏洞源于经过身份验证的后台用户可枚举和遍历系统文件路径,可能导致读取文件内容。
Description (English)
Umbraco Forms is a form construction tool for Umbraco. Unbraco Forms 16 and 17 have a loophole in the path, which stems from the enumerable and cross-routing of the system by a back-office user with authentication, which may lead to reading the document content.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
Umbraco
Published
2026-01-29
Last Modified
2026-02-24
References
https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-hm5p-82g6-m3xh
Patch
https://github.com/umbraco/Umbraco.Forms.Issues
Share on: