Platform: dotnet
Component: umbraco.cms
Fixed in: 15.3.2, 17.0.1, 16.5.1
A privilege escalation vulnerability has been identified in Umbraco CMS, affecting versions up to 16.5.0-rc. This flaw allows authenticated backoffice users with permission to manage users to potentially escalate their privileges to Administrator level. The vulnerability stems from insufficient authorization enforcement when modifying user group memberships, and a fix is available in version 16.5.1.
Successful exploitation of CVE-2026-31834 grants an attacker full administrative control over the Umbraco CMS instance. This includes the ability to modify content, users, settings, and potentially access sensitive data stored within the CMS. The impact is particularly severe as it requires only an authenticated backoffice user, not a system-level compromise, to achieve this elevated privilege. This could lead to data breaches, website defacement, and complete control over the affected web application.
CVE-2026-31834 was publicly disclosed on 2026-03-11. Its CVSS score of 7.2 (HIGH) indicates a significant risk. Currently, there are no publicly available proof-of-concept exploits, but the relatively straightforward nature of privilege escalation vulnerabilities suggests that one may emerge. The vulnerability has not yet been added to the CISA KEV catalog.
Organizations using Umbraco CMS versions 16.5.0-rc and earlier are at risk. Specifically, environments with multiple backoffice users and relaxed permission controls are particularly vulnerable. Shared hosting environments utilizing Umbraco CMS should also be carefully assessed, as they may be more susceptible to exploitation.
• .NET / Umbraco.Cms:
  # Application-log events (ID 1000) whose message mentions Umbraco and whose first property refers to user group membership
  Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } |
      Where-Object { $_.Message -like '*Umbraco*' -and $_.Properties[0].Value -match 'User Group Membership' }
• .NET / Umbraco.Cms:
  # Running processes belonging to the Umbraco site
  Get-Process | Where-Object { $_.ProcessName -match 'umbraco' }
• .NET / Umbraco.Cms: Monitor application logs for unusual user activity or attempts to modify user group memberships.
• .NET / Umbraco.Cms: Review user accounts and permissions to identify any accounts with excessive privileges.
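The log-monitoring advice above can be turned into a concrete check. The following C# program is an added example, not part of the advisory and not Umbraco's own code: it scans JSON log lines in the compact (CLEF) shape Umbraco's trace log uses and flags group changes that look like escalation, namely an account editing its own membership, or a non-administrator account handing out the Administrators group. The message template, the property names (Actor, Target, Groups), the KnownAdmins list and the sample lines are all constructed for this example; adapt them to the real entries under umbraco/Logs before relying on it.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

public sealed record Finding(string Timestamp, string Actor, string Target, string Reason);

public static class GroupChangeDetector
{
    // Message template assumed for this example; Umbraco's real audit entries differ.
    const string GroupChangeTemplate = "User {Actor} set groups of user {Target} to {Groups}";

    // Accounts expected to hand out the Administrators group (assumed; maintained by the operator).
    static readonly HashSet<string> KnownAdmins =
        new(StringComparer.OrdinalIgnoreCase) { "admin" };

    public static List<Finding> Scan(IEnumerable<string> clefLines)
    {
        var findings = new List<Finding>();
        foreach (var line in clefLines)
        {
            if (string.IsNullOrWhiteSpace(line)) continue;
            using var doc = JsonDocument.Parse(line);
            var root = doc.RootElement;

            // CLEF stores the message template in "@mt"; only the group-change event is of interest.
            if (!root.TryGetProperty("@mt", out var mt) || mt.GetString() != GroupChangeTemplate)
                continue;

            string ts = root.GetProperty("@t").GetString() ?? "";
            string actor = root.GetProperty("Actor").GetString() ?? "";
            string target = root.GetProperty("Target").GetString() ?? "";
            var groups = root.GetProperty("Groups").EnumerateArray()
                             .Select(g => g.GetString() ?? "")
                             .ToHashSet(StringComparer.OrdinalIgnoreCase);

            // Rule 1: nobody should be able to rewrite their own group membership.
            if (string.Equals(actor, target, StringComparison.OrdinalIgnoreCase))
                findings.Add(new Finding(ts, actor, target, "actor changed its own group membership"));

            // Rule 2: Administrators should only ever be granted by a known administrator.
            if (groups.Contains("Administrators") && !KnownAdmins.Contains(actor))
                findings.Add(new Finding(ts, actor, target, "Administrators granted by a non-administrator account"));
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample lines in CLEF shape; not captured from a real Umbraco instance.
        var sample = new[]
        {
            "{\"@t\":\"2026-03-12T09:01:00Z\",\"@mt\":\"User {Actor} set groups of user {Target} to {Groups}\",\"Actor\":\"admin\",\"Target\":\"editor.two\",\"Groups\":[\"Editors\"]}",
            "{\"@t\":\"2026-03-12T09:14:03Z\",\"@mt\":\"User {Actor} set groups of user {Target} to {Groups}\",\"Actor\":\"editor.one\",\"Target\":\"editor.one\",\"Groups\":[\"Editors\",\"Administrators\"]}",
            "{\"@t\":\"2026-03-12T09:15:10Z\",\"@mt\":\"User {Actor} set groups of user {Target} to {Groups}\",\"Actor\":\"editor.one\",\"Target\":\"editor.two\",\"Groups\":[\"Administrators\"]}",
            "{\"@t\":\"2026-03-12T09:16:00Z\",\"@mt\":\"Request completed in {Elapsed} ms\",\"Elapsed\":12}"
        };

        // The first line is benign; the second produces two findings, the third one; the fourth is ignored.
        foreach (var f in Scan(sample))
            Console.WriteLine($"{f.Timestamp} {f.Actor} -> {f.Target}: {f.Reason}");
    }
}
```

Run it against the log files rather than the embedded sample by reading them line by line into Scan; the two rules are deliberately independent, so a single self-elevation to Administrators is reported twice, once per rule, which makes it easy to see which control was bypassed.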
Disclosure
Exploit status
EPSS: 0.05% (15th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-31834 is to upgrade Umbraco CMS to version 16.5.1 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls and reviewing user group memberships to limit the potential blast radius. While a direct workaround is unavailable, carefully auditing user permissions and restricting access to user management functionalities can reduce the risk. After upgrading, confirm the fix by attempting to modify user group memberships with a non-administrator user and verifying that the action is denied.
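To make the advisory's description concrete (a coarse "manage users" permission checked without regard to which groups are being assigned) and the post-upgrade verification step it recommends (a non-administrator's attempt to change group memberships must be denied), here is an added C# example. It is a minimal model written for this page, not Umbraco's code and not the actual patch: the BackofficeUser and UserGroupService types, the group names "Administrators", "User Managers", "Editors" and "Writers", and the hardening rule (a non-administrator may neither edit its own membership nor grant or revoke a group it does not hold itself) are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical user model for the example; not Umbraco's IUser.
public sealed class BackofficeUser
{
    public string Name { get; }
    public HashSet<string> Groups { get; }

    public BackofficeUser(string name, params string[] groups)
    {
        Name = name;
        Groups = new HashSet<string>(groups, StringComparer.OrdinalIgnoreCase);
    }

    public bool IsAdministrator => Groups.Contains("Administrators");
    // The coarse permission the advisory refers to: may open the user section and edit users.
    public bool CanManageUsers => IsAdministrator || Groups.Contains("User Managers");
}

public static class UserGroupService
{
    // Vulnerable shape: the only gate is the coarse permission, so a non-admin user manager
    // can assign Administrators to any account, including its own.
    public static void SetGroupsVulnerable(BackofficeUser actor, BackofficeUser target, IEnumerable<string> newGroups)
    {
        if (!actor.CanManageUsers)
            throw new UnauthorizedAccessException($"{actor.Name} may not manage users");
        Apply(target, newGroups);
    }

    // Hardened shape: administrators may do anything; everyone else may neither edit their own
    // membership nor grant or revoke a group they do not hold themselves.
    public static void SetGroupsHardened(BackofficeUser actor, BackofficeUser target, IEnumerable<string> newGroups)
    {
        if (!actor.CanManageUsers)
            throw new UnauthorizedAccessException($"{actor.Name} may not manage users");

        if (!actor.IsAdministrator)
        {
            if (string.Equals(actor.Name, target.Name, StringComparison.OrdinalIgnoreCase))
                throw new UnauthorizedAccessException($"{actor.Name} may not change its own groups");

            var requested = new HashSet<string>(newGroups, StringComparer.OrdinalIgnoreCase);
            // Every group that would be added or removed must be one the actor holds itself.
            var changed = requested.Except(target.Groups, StringComparer.OrdinalIgnoreCase)
                .Concat(target.Groups.Except(requested, StringComparer.OrdinalIgnoreCase));
            var outOfScope = changed.Where(g => !actor.Groups.Contains(g)).ToList();
            if (outOfScope.Count > 0)
                throw new UnauthorizedAccessException(
                    $"{actor.Name} may not grant or revoke: {string.Join(", ", outOfScope)}");
        }
        Apply(target, newGroups);
    }

    static void Apply(BackofficeUser target, IEnumerable<string> newGroups)
    {
        var groups = newGroups.ToList();   // materialise before clearing, in case it was derived from target.Groups
        target.Groups.Clear();
        foreach (var g in groups) target.Groups.Add(g);
    }

    public static void Main()
    {
        // Vulnerable: a user manager (not an administrator) makes itself an administrator.
        var manager = new BackofficeUser("editor.one", "User Managers", "Editors");
        SetGroupsVulnerable(manager, manager, new[] { "Administrators" });
        Console.WriteLine($"vulnerable: {manager.Name} is administrator = {manager.IsAdministrator}");   // True

        // Hardened: the same kind of account is denied when it tries to hand out Administrators ...
        var manager2 = new BackofficeUser("editor.two", "User Managers", "Editors");
        var newcomer = new BackofficeUser("writer.new", "Writers");
        try
        {
            SetGroupsHardened(manager2, newcomer, new[] { "Writers", "Administrators" });
        }
        catch (UnauthorizedAccessException e)
        {
            Console.WriteLine($"hardened: denied ({e.Message})");
        }

        // ... but may still grant a group it holds itself.
        SetGroupsHardened(manager2, newcomer, new[] { "Writers", "Editors" });
        Console.WriteLine($"hardened: {newcomer.Name} groups = {string.Join(", ", newcomer.Groups)}");
    }
}
```

The denied call in Main is the shape of the verification the advisory asks for after upgrading: log in as a backoffice user that can manage users but is not an administrator, try to add Administrators to an account, and confirm the server rejects it rather than relying on the client-side UI to hide the option.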
Upgrade Umbraco CMS to version 16.5.1 or later, or to version 17.2.2 or later, to fix the privilege escalation vulnerability. This prevents authenticated users with restricted permissions from elevating their privileges by changing user group memberships.
CVE-2026-31834 is a vulnerability in Umbraco.Cms versions up to 16.5.0-rc that allows authenticated users to escalate their privileges to Administrator level due to insufficient authorization checks.
If you are using Umbraco.Cms version 16.5.0-rc or earlier, you are potentially affected by this vulnerability. Upgrade to 16.5.1 to mitigate the risk.
The recommended fix is to upgrade Umbraco.Cms to version 16.5.1 or later. If an immediate upgrade is not possible, implement stricter user permission controls.
Currently, no public proof-of-concept exploits are known, but the vulnerability's nature suggests potential for exploitation.
Refer to the official Umbraco.Cms security advisory for detailed information and updates: [https://our.umbraco.com/security/](https://our.umbraco.com/security/)