Umbraco UmbracoForms Remote Code Execution Vulnerability via Malicious WSDL URL

Vulnerability

A remote code execution vulnerability exists in Umbraco UmbracoForms versions through 8.13.16. An authenticated attacker can exploit this issue by providing a malicious WSDL (Web Services Description Language) URL as a data source, which is then processed by the application, leading to unauthorized code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Umbraco Forms is installed.

Remediation

Users are advised to upgrade to Umbraco Forms version 13.0.0 or later. Instructions for upgrading can be found in the Umbraco Forms documentation.
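
The following triage script is an added example, not part of the original advisory or of Umbraco's tooling. It reads a packages.config or .csproj file and classifies the referenced Umbraco Forms version against the two bounds stated above; the NuGet package IDs and the sample inputs are assumptions, and versions between the bounds are reported as "review" because the advisory says nothing about them.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: NuGet package IDs for Umbraco Forms (the advisory names none).
PACKAGE_IDS = {"umbracoforms", "umbraco.forms"}
LAST_AFFECTED = (8, 13, 16)  # advisory: "versions through 8.13.16"
FIRST_FIXED = (13, 0, 0)     # advisory: "upgrade to ... 13.0.0 or later"

def classify(version):
    """Map a version string to 'affected', 'fixed' or 'review'."""
    m = re.match(r"\s*\[?(\d+)(?:\.(\d+))?(?:\.(\d+))?", version or "")
    if not m:
        return "review"  # missing, or an MSBuild property such as $(FormsVersion)
    v = tuple(int(g or 0) for g in m.groups())  # pre-release suffix is ignored
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"
    return "review"  # between the bounds: the advisory states nothing

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the MSBuild XML namespace, if any

def find_forms_packages(xml_text):
    """Return [(package id, version, status)] from packages.config or .csproj XML."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "package":             # packages.config entry
            pid, ver = el.get("id"), el.get("version")
        elif local(el.tag) == "PackageReference":  # .csproj entry
            pid = el.get("Include")
            ver = el.get("Version") or next(
                (c.text for c in el if local(c.tag) == "Version"), None)
        else:
            continue
        if pid and pid.lower() in PACKAGE_IDS:
            found.append((pid, ver, classify(ver)))
    return found

# Constructed sample inputs (not taken from a real project).
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="Example.Package" version="1.0.0" />
  <package id="UmbracoForms" version="8.13.16" />
</packages>"""
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web"><ItemGroup>
  <PackageReference Include="Umbraco.Forms" Version="10.5.0" />
</ItemGroup></Project>"""

if __name__ == "__main__":
    for sample in (SAMPLE_PACKAGES_CONFIG, SAMPLE_CSPROJ):
        print(find_forms_packages(sample))
```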

Added: Jan 16, 2026, 7:20 PM
Updated: Jan 16, 2026, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 10.0
exploitability: 5.4
remediation: 8.3
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.