{"url":"http://public2.vulnerablecode.io/api/packages/74781?format=json","purl":"pkg:nuget/Umbraco.CMS@15.3.1","type":"nuget","namespace":"","name":"Umbraco.CMS","version":"15.3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50857?format=json","vulnerability_id":"VCID-pwha-ak7s-zqdx","summary":"Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks\nA privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group memberships.\n\nThe affected functionality does not properly validate whether a user has sufficient privileges to assign highly privileged roles.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31834","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18113","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18017","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17999","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18075","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18112","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31834"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/umbraco/Umbraco-CMS"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31834","reference_id":"CVE-2026-31834","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31834"},{"reference_url":"https://github.com/advisories/GHSA-rhcg-3h8r-v6vp","reference_id":"GHSA-rhcg-3h8r-v6vp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rhcg-3h8r-v6vp"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-rhcg-3h8r-v6vp","reference_id":"GHSA-rhcg-3h8r-v6vp","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-11T15:52:28Z/"}],"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-rhcg-3h8r-v6vp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74723?format=json","purl":"pkg:nuget/Umbraco.CMS@16.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Umbraco.CMS@16.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/74724?format=json","purl":"pkg:nuget/Umbraco.CMS@17.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Umbraco.CMS@17.2.2"}],"aliases":["CVE-2026-31834","GHSA-rhcg-3h8r-v6vp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwha-ak7s-zqdx"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Umbraco.CMS@15.3.1"}