GHSA-2qjj-h6wp-c7h7

Source
https://github.com/advisories/GHSA-2qjj-h6wp-c7h7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-2qjj-h6wp-c7h7/GHSA-2qjj-h6wp-c7h7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2qjj-h6wp-c7h7
Aliases
  • CVE-2026-46616
Published
2026-05-21T19:58:06Z
Modified
2026-06-10T18:46:57.007531268Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Details

Impact

Some of the Surface Controllers that the CMS provides to support member-related operations fail to validate redirect URLs. Razor templates that derive 'RedirectUrl' from user-controlled query parameters are therefore vulnerable to open-redirect attacks (CWE-601): an attacker can craft a link to the site that, after the form posts, sends the member to an arbitrary external URL.

Patches

The issue is resolved in versions 17.4.0 and 13.14.0.

Workarounds

If users cannot upgrade immediately, they can mitigate the issue in their own site by ensuring every Razor form that posts to UmbLoginStatusController, UmbProfileController or UmbRegisterController passes a concrete, trusted RedirectUrl into Html.BeginUmbracoForm's route values.

For example:

  @using (Html.BeginUmbracoForm<UmbLoginStatusController>(
      "HandleLogout",
      new { RedirectUrl = Model.Url() }))
  {
      <button type="submit">Log out</button>
  }
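The workaround above hard-codes a trusted target. Where a site genuinely needs a per-request return URL (for example a `returnUrl` query parameter on a login page), the value must be gated before it reaches the form's route values. The following is an added example, not code from the advisory or from Umbraco: a small helper that accepts only same-origin paths and otherwise falls back to a trusted URL, together with constructed sample inputs. The rules are written to track what ASP.NET Core's `IUrlHelper.IsLocalUrl` enforces (rooted path, no protocol-relative `//` or `/\` prefix, `~/` allowed); in a Razor view, calling `Url.IsLocalUrl(...)` directly is the simpler choice, and the helper is shown so the individual checks are visible. The class and method names are the example's own.

```csharp
// Added example (not Umbraco's code): gate a user-supplied RedirectUrl so that only
// same-origin paths are passed into Html.BeginUmbracoForm's route values.
using System;

public static class SafeRedirect
{
    // Returns candidate when it is a local path, otherwise the trusted fallback
    // (in a view the fallback would typically be Model.Url()).
    public static string Resolve(string? candidate, string fallback)
    {
        return IsLocalPath(candidate) ? candidate! : fallback;
    }

    // Mirrors the checks ASP.NET Core applies in IUrlHelper.IsLocalUrl (assumption:
    // that framework's current rule set; verify against the version you run).
    public static bool IsLocalPath(string? url)
    {
        if (string.IsNullOrEmpty(url)) return false;

        // Control characters (CR, LF, TAB, ...) never belong in a redirect target.
        foreach (char c in url)
            if (c < ' ' || c == '\x7f') return false;

        // "~/" is an application-relative path in ASP.NET; treat it like "/".
        if (url.Length >= 2 && url[0] == '~' && url[1] == '/')
            url = url.Substring(1);

        // Must be rooted: "https://evil.example", "evil.example" and
        // "javascript:..." all fail here.
        if (url[0] != '/') return false;

        // "//evil.example" and "/\evil.example" are protocol-relative to browsers,
        // so a rooted-looking string can still leave the origin.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;

        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs; "/" stands in for the trusted Model.Url() value.
        const string fallback = "/";
        string[] inputs =
        {
            "/member/profile",          // local: kept
            "~/member/profile",         // app-relative: kept
            "https://evil.example/",    // absolute: replaced by fallback
            "//evil.example/",          // protocol-relative: replaced
            "/\\evil.example/",         // backslash variant: replaced
            "javascript:alert(1)",      // scheme, not rooted: replaced
            "/ok\r\nLocation: x",       // control characters: replaced
            "",                         // empty: replaced
        };

        foreach (var input in inputs)
            Console.WriteLine($"{input,-28} -> {SafeRedirect.Resolve(input, fallback)}");

        // In a Razor view the same gate looks like (assumed view code, shown as a comment):
        //   var returnUrl = Context.Request.Query["returnUrl"].ToString();
        //   @using (Html.BeginUmbracoForm<UmbLoginController>("HandleLogin",
        //       new { RedirectUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Model.Url() }))
        //   { ... }
    }
}
```

Applying the gate in the view closes the hole only for forms the site author controls; upgrading to a patched version is still required, because the fixed Surface Controllers validate the value server-side regardless of what a template passes in.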

Resources

https://github.com/umbraco/Umbraco-CMS/pull/22565
https://github.com/umbraco/Umbraco-CMS/pull/22561

Database specific
{
    "nvd_published_at": "2026-06-10T17:16:37Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-601"
    ],
    "github_reviewed_at": "2026-05-21T19:58:06Z"
}
References

Affected packages

NuGet / Umbraco.Cms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
13.14.0

Affected versions

9.*
9.0.0-rc001
9.0.0-rc002
9.0.0-rc003
9.0.0-rc004
9.0.0
9.0.1
9.1.0-rc
9.1.0
9.1.1
9.1.2
9.2.0-rc
9.2.0
9.3.0-rc
9.3.0
9.3.1
9.4.0-rc
9.4.0
9.4.1
9.4.2
9.4.3
9.5.0-rc
9.5.0-rc2
9.5.0-rc3
9.5.0
9.5.1
9.5.2
9.5.3
9.5.4
10.*
10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.0-rc4
10.0.0-rc5
10.0.0
10.0.1
10.1.0-rc
10.1.0-rc2
10.1.0
10.1.1
10.2.0-rc
10.2.0
10.2.1
10.3.0-rc
10.3.0
10.3.1
10.3.2
10.4.0-rc
10.4.0
10.4.1
10.4.2
10.5.0-rc
10.5.0
10.5.1
10.6.0-rc
10.6.0
10.6.1
10.7.0-rc
10.7.0
10.8.0-rc
10.8.0
10.8.1
10.8.2
10.8.3
10.8.4
10.8.5
10.8.6
10.8.7
10.8.8
10.8.9
10.8.10
10.8.11
11.*
11.0.0-rc1
11.0.0-rc2
11.0.0-rc3
11.0.0-rc4
11.0.0-rc5
11.0.0-rc6
11.0.0
11.1.0-rc
11.1.0
11.2.0-rc
11.2.0
11.2.1
11.2.2
11.3.0-rc
11.3.0
11.3.1
11.4.0-rc
11.4.0
11.4.1
11.4.2
11.5.0-rc
11.5.0
12.*
12.0.0-rc1
12.0.0-rc2
12.0.0-rc3
12.0.0-rc4
12.0.0-rc5
12.0.0
12.0.1
12.1.0-rc
12.1.0
12.1.1
12.1.2
12.2.0-rc
12.2.0
12.3.0-rc
12.3.0
12.3.1
12.3.2
12.3.3
12.3.4
12.3.5
12.3.6
12.3.7
12.3.8
12.3.9
12.3.10
13.*
13.0.0-rc1
13.0.0-rc2
13.0.0-rc3
13.0.0-rc4
13.0.0-rc5
13.0.0
13.0.1
13.0.2
13.0.3
13.1.0-rc
13.1.0
13.1.1
13.2.0-rc
13.2.0
13.2.1
13.2.2
13.3.0-rc
13.3.0
13.3.1
13.3.2
13.4.0-rc
13.4.0-rc2
13.4.0
13.4.1
13.5.0-rc
13.5.0
13.5.1
13.5.2
13.5.3
13.6.0-rc
13.6.0-rc2
13.6.0
13.7.0-rc
13.7.0
13.7.1
13.7.2
13.8.0-rc
13.8.0
13.8.1
13.9.0-rc
13.9.0
13.9.1
13.9.2
13.9.3
13.10.0-rc
13.10.0
13.10.1
13.11.0-rc
13.11.0-rc2
13.11.0
13.12.0-rc
13.12.0-rc2
13.12.0
13.12.1
13.13.0-rc
13.13.0-rc2
13.13.0-rc3
13.13.0
13.13.1
13.14.0-rc
13.14.0-rc2
13.14.0-rc3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-2qjj-h6wp-c7h7/GHSA-2qjj-h6wp-c7h7.json"

NuGet / Umbraco.Cms

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
17.3.0-rc
Fixed
17.4.0

Affected versions

17.*
17.3.0-rc
17.3.0-rc2
17.3.0-rc3
17.3.0
17.3.1
17.3.2
17.3.3
17.3.4
17.3.5
17.4.0-rc
17.4.0-rc2
17.4.0-rc3

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-2qjj-h6wp-c7h7/GHSA-2qjj-h6wp-c7h7.json"