Advisories for Nuget/Umbraco.Cms.Api.Management package

2025

Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section.

2024

Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information

Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode.