Advisories for Nuget/Umbraco.AI package

2026

Umbraco.AI discloses sensitive application configuration values

Under certain configurations, a user with elevated privileges may be able to cause sensitive application configuration values, potentially including secret material such as credentials, to be disclosed. Successful exploitation could expose confidential information and, depending on what the affected installation stores in configuration, enable further compromise. Exploitation requires access to the AI section of the backoffice and a specific custom AI provider, which limits real-world exposure.