GHSA-7JXJ-RPX7-PH2C

Cache Me If You Can: Umbraco Forms & The ImageSharp Betrayal

Alon Barad
Software Engineer

Jan 23, 2026

Executive Summary (TL;DR)

Umbraco Forms protects your sensitive uploads, but the ImageSharp library—optimized for performance—tells CDNs to cache them publicly. If an admin views a protected file, it gets stored on the CDN edge, allowing anyone with the direct link to bypass authentication and download the file.

A Web Cache Deception vulnerability exists in Umbraco Forms where sensitive uploaded files are inadvertently cached by CDNs due to aggressive caching headers set by the ImageSharp library, potentially allowing unauthenticated access to private data.
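A defender-side check for the condition described above, written as an added example (not code from Umbraco, ImageSharp, or the advisory): it classifies responses for authenticated-only files by whether their `Cache-Control` header lets a shared cache such as a CDN store them. The path prefix `/protected-uploads/`, the `GUID-PLACEHOLDER` segment and all header values are constructed assumptions; substitute the upload path and real responses from your own deployment.

```python
# Added example: audit Cache-Control on responses for authenticated-only files.
# Paths and header values below are constructed samples, not captured traffic.

PROTECTED_PREFIXES = ("/protected-uploads/",)  # hypothetical path; set to your own


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name.strip():
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def _positive(arg):
    """True when a delta-seconds argument is a number greater than zero."""
    return arg is not None and arg.isdigit() and int(arg) > 0


def classify(path, headers):
    """Return 'n/a', 'ok', 'exposed' or 'review' for one response."""
    if not path.lower().startswith(PROTECTED_PREFIXES):
        return "n/a"
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    # private / no-store forbid storage in a shared cache such as a CDN.
    if "private" in cc or "no-store" in cc:
        return "ok"
    # Explicit permission or a freshness lifetime: a CDN may store and reuse it.
    if "public" in cc or _positive(cc.get("s-maxage")) or _positive(cc.get("max-age")):
        return "exposed"
    # Nothing explicit: the CDN's default rules (often by file extension) decide.
    return "review"


SAMPLES = [  # constructed
    ("/protected-uploads/GUID-PLACEHOLDER/passport.png",
     {"Cache-Control": "public, must-revalidate, max-age=604800"}),
    ("/protected-uploads/GUID-PLACEHOLDER/passport.png",
     {"cache-control": "private, no-store"}),
    ("/protected-uploads/GUID-PLACEHOLDER/cv.pdf", {"Content-Type": "application/pdf"}),
    ("/media/logo.png", {"Cache-Control": "public, max-age=31536000"}),
]


def audit(samples=SAMPLES):
    """Classify every (path, headers) sample in order."""
    return [classify(path, headers) for path, headers in samples]
```

A `review` verdict means the origin sent no explicit directive, so whether the file is cached depends on the CDN's own configuration and should be checked there.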

Technical Appendix

CVSS Score: 3.1 / 10
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Probability: 0.04% (Top 100% most exploited)

Affected Systems

Umbraco CMS (using Umbraco Forms)
ImageSharp Middleware
Content Delivery Networks (CDN)

Affected Versions Detail

| Product | Affected Versions | Fixed Version |
|---|---|---|
| Umbraco Forms (Umbraco) | < 13.9.0 | 13.9.0 |
| Umbraco Forms (Umbraco) | < 16.4.0 | 16.4.0 |
| Umbraco Forms (Umbraco) | < 17.1.0 | 17.1.0 |

| Attribute | Detail |
|---|---|
| Attack Vector | Network (CDN Cache Deception) |
| CVSS Score | 3.1 (Low) |
| Complexity | High (Requires GUID knowledge) |
| Privileges | None (Unauthenticated) |
| Impact | Confidentiality (Information Disclosure) |
| Vulnerability Type | Web Cache Deception / Insecure Storage |

CWE-524: Information Exposure Through Caching

The application allows sensitive information to be cached by an intermediary (CDN), allowing unauthorized access.

Vulnerability Timeline

Vulnerability Published
2026-01-22
