CVE-2024-34071: Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected ...

Description

Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.38%

29.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Umbraco	Umbraco Cms	>= 8.18.5, < 8.18.14
Umbraco	Umbraco Cms	>= 10.5.0, < 10.8.6
Umbraco	Umbraco Cms	>= 12.0.0, < 12.3.10
Umbraco	Umbraco Cms	>= 13.0.0, < 13.3.1

References

Timeline

Published: May 21, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-34071?

Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10.8.6, 12.3.10 and 13.3.1.

How severe is CVE-2024-34071?

CVE-2024-34071 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.

How do I fix CVE-2024-34071?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.