Redirect URL Validation Flaw in Umbraco CMS Affects User Safety
CVE-2026-46616
5.4MEDIUM
What is CVE-2026-46616?
Umbraco CMS is an ASP.NET-based content management system that has a vulnerability in some of its Surface Controllers. This flaw arises from a failure to properly validate redirect URLs associated with member operations, which allows attackers to exploit user-controlled query parameters. This results in potential malicious redirect attacks. The vulnerability has been addressed in versions 13.14.0 and 17.4.0, where necessary measures have been implemented to enhance URL validation.
Affected Version(s)
Umbraco-CMS < 13.14.0 < 13.14.0
Umbraco-CMS >= 17.3.0-rc, < 17.4.0 < 17.3.0-rc, 17.4.0
