COOEY // HUBcompliance · community · intelligence

FAIL › dossier

umbraco vendor

2
failure events
0
zero-days
2
RCEs
0
on KEV
2
critical
50
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 2 events

DateEventSevFlagsShameSummary
2025-12-22 CVE-2025-67288 critical ⚡RCE 50 An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system ad
2023-02-24 CVE-2021-33224 critical ⚡RCE 50 File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.