CVE-2026-27449 | Umbraco Umbraco.Engage.Forms up to 16.2.0/17.1.0 API Endpoint ID access control (GHSA-86vq-ccwf-rm62)

A vulnerability identified as critical has been detected in Umbraco Umbraco.Engage.Forms up to 16.2.0/17.1.0. This affects an unknown part of the component API Endpoint. The manipulation of the argument ID leads to improper access controls.

This vulnerability is traded as CVE-2026-27449. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More