GHSA-7JXJ-RPX7-PH2C
CVSS 3.1 · EPSS 0.04%
Cache Me If You Can: Umbraco Forms & The ImageSharp Betrayal
Alon Barad
Software Engineer · Jan 23, 2026 · 5 min read · 12 visits
No Known Exploit
Executive Summary (TL;DR)
Umbraco Forms protects your sensitive uploads, but the ImageSharp library—optimized for performance—tells CDNs to cache them publicly. If an admin views a protected file, it gets stored on the CDN edge, allowing anyone with the direct link to bypass authentication and download the file.
A Web Cache Deception vulnerability exists in Umbraco Forms where sensitive uploaded files are inadvertently cached by CDNs due to aggressive caching headers set by the ImageSharp library, potentially allowing unauthenticated access to private data.
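To check whether a response for a protected upload carries the kind of headers described above, the following added example (not code from Umbraco, ImageSharp or this advisory) applies a simplified reading of RFC 9111 to decide whether a CDN may answer without the origin's authentication check running. The header values in `SAMPLES` are constructed, since the advisory does not quote the exact headers involved.

```python
# Added example (not Umbraco or ImageSharp code): simplified RFC 9111 check of
# whether a shared cache such as a CDN may answer for a response without
# contacting the origin, i.e. without the origin's authentication check running.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cdn_can_serve_without_origin(headers, now=None):
    """Return (exposed, reason) for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    # Unqualified blockers only; private="field" restricts just that field.
    for blocker in ("no-store", "private", "no-cache"):
        if blocker in cc and cc[blocker] is None:
            return False, blocker
    for lifetime in ("s-maxage", "max-age"):  # s-maxage wins for shared caches
        if lifetime in cc:
            seconds = cc[lifetime] or ""
            fresh = seconds.isdigit() and int(seconds) > 0
            return fresh, f"{lifetime}={seconds}"
    if "public" in cc:
        return True, "public (heuristic freshness)"
    try:  # Expires only counts when no max-age/s-maxage is present
        expires = parsedate_to_datetime(h.get("expires", ""))
        if expires > (now or datetime.now(timezone.utc)):
            return True, "Expires in the future"
    except (TypeError, ValueError):
        pass  # missing or invalid Expires is treated as already expired
    return False, "no explicit freshness"


# Constructed sample responses for a hypothetical protected upload URL.
SAMPLES = {
    "image pipeline default (constructed)": {"Cache-Control": "public, max-age=31536000"},
    "authenticated download (constructed)": {"Cache-Control": "private, no-store"},
    "edge override (constructed)": {"Cache-Control": "max-age=3600, s-maxage=0"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", cdn_can_serve_without_origin(hdrs))
```

Feed it the headers your origin actually returns for a protected file; any `True` result on an authenticated route means the CDN can answer later requests on its own.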
Official Patches
Technical Appendix
CVSS Score
3.1 / 10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Probability
0.04%
Top 100% most exploited
Affected Systems
Umbraco CMS (using Umbraco Forms)
ImageSharp Middleware
Content Delivery Networks (CDN)
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
| Umbraco Forms (Umbraco) | < 13.9.0 | 13.9.0 |
| Umbraco Forms (Umbraco) | < 16.4.0 | 16.4.0 |
| Umbraco Forms (Umbraco) | < 17.1.0 | 17.1.0 |

| Attribute | Detail |
|---|---|
| Attack Vector | Network (CDN Cache Deception) |
| CVSS Score | 3.1 (Low) |
| Complexity | High (Requires GUID knowledge) |
| Privileges | None (Unauthenticated) |
| Impact | Confidentiality (Information Disclosure) |
| Vulnerability Type | Web Cache Deception / Insecure Storage |
MITRE ATT&CK Mapping
CWE-524
Information Exposure Through Caching
The application allows sensitive information to be cached by an intermediary (CDN), allowing unauthorized access.
Known Exploits & Detection
Vulnerability Timeline
Vulnerability Published
2026-01-22