Umbraco CMS Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in Umbraco CMS versions from 15.3.1 up to, but not including, 16.5.1 and 17.2.2. It allows an authenticated backoffice user who holds user management permissions to elevate their own privileges. The issue arises from inadequate authorization checks when such a user modifies group memberships: highly privileged groups can be assigned without proper validation of whether the acting user is entitled to grant them. As a result, an affected user may gain administrative rights, which confer full control over the CMS, including access to content, user management, and configuration settings.

Impact

Exploitation allows an authenticated backoffice user to escalate privileges to the Administrator level, resulting in complete administrative control over the Umbraco CMS instance.

Remediation

Upgrade to Umbraco CMS version 16.5.1 or 17.2.2 to address this vulnerability.

Added: Mar 10, 2026, 10:17 PM
Updated: Mar 10, 2026, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread:         6.4
impact:         5.0
exploitability: 5.4
remediation:    7.7
relevance:      3.7
threat:         0.0
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.