Vulnerability Database

308,681

Total vulnerabilities in the database

CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

Published: Aug 20, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-43376
GHSA: GHSA-77gj-crhp-3gvx
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
Umbraco.Cms.Api.Management	14.0.0	14.1.2
umbraco / umbraco_cms	14.0.0	14.1.2

https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo