CVE-2026-46609EPSS p3.3%

CVE-2026-46609CVE-2026-46609

umbraco / umbraco_cms

Description

Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0.

Scoring

CVSS 4.6 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS0.14% probability of exploitation · percentile 3.3% · 2026-06-19T12:03:05Z
Last modified2026-06-12

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-46616
CVE
CVE-2025-32017
CVE
CVE-2025-67288
CVE
CVE-2025-59545
CVE
CVE-2025-64095
CVE
CVE-2026-47636
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.