CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://our.umbraco.com/	Product
https://releases.umbraco.com/all-releases	Release Notes
https://www.exploit-db.com/exploits/50462	Exploit VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:umbraco:umbraco_cms:8.14.1:*:*:*:*:*:*:*

History

17 Jun 2026, 04:18

Type	Values Removed	Values Added
Summary		(es) Umbraco CMS v8.14.1 contiene una vulnerabilidad de falsificación de petición del lado del servidor que permite a los atacantes manipular los parámetros baseUrl en múltiples puntos finales de controladores de panel de control y ayuda. Los atacantes pueden elaborar peticiones maliciosas a los puntos finales GetContextHelpForPage, GetRemoteDashboardContent y GetRemoteDashboardCss para desencadenar peticiones no autorizadas del lado del servidor a hosts externos.

23 Jan 2026, 18:06

Type	Values Removed	Values Added
CPE		cpe:2.3:a:umbraco:umbraco_cms:8.14.1:::::::*
References	~~() https://our.umbraco.com/ -~~	() https://our.umbraco.com/ - Product
References	~~() https://releases.umbraco.com/all-releases -~~	() https://releases.umbraco.com/all-releases - Release Notes
References	~~() https://www.exploit-db.com/exploits/50462 -~~	() https://www.exploit-db.com/exploits/50462 - Exploit, VDB Entry
First Time		Umbraco Umbraco umbraco Cms

15 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-15 16:16

Updated : 2026-06-17 04:18

NVD link : CVE-2021-47776

Mitre link : CVE-2021-47776

CVE.ORG link : CVE-2021-47776

JSON object : View

Products Affected

umbraco

umbraco_cms

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2021-47776", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2021-47776", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-15T16:40:24.992298Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "disclosure@vulncheck.com", "affectedData": [{"vendor": "umbraco", "product": "Umbraco", "versions": [{"status": "affected", "version": "8.14.1"}]}]}], "published": "2026-01-15T16:16:09.510", "references": [{"url": "https://our.umbraco.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://releases.umbraco.com/all-releases", "tags": ["Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/50462", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts."}, {"lang": "es", "value": "Umbraco CMS v8.14.1 contiene una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n del lado del servidor que permite a los atacantes manipular los par\u00e1metros baseUrl en m\u00faltiples puntos finales de controladores de panel de control y ayuda. Los atacantes pueden elaborar peticiones maliciosas a los puntos finales GetContextHelpForPage, GetRemoteDashboardContent y GetRemoteDashboardCss para desencadenar peticiones no autorizadas del lado del servidor a hosts externos."}], "lastModified": "2026-06-17T04:18:28.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:umbraco:umbraco_cms:8.14.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C1D9021-A4ED-4EDA-BD5F-AD763FE932A6"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}