GHSA-Q3V2-XJ35-9GRX: GHSA-Q3V2-XJ35-9GRX: Unrestricted Configuration Resolution in Umbraco.AI Leads to Sensitive Information Exposure

# security# cve# cybersecurity# ghsa
GHSA-Q3V2-XJ35-9GRX: GHSA-Q3V2-XJ35-9GRX: Unrestricted Configuration Resolution in Umbraco.AI Leads to Sensitive Information ExposureCVE Reports

GHSA-Q3V2-XJ35-9GRX: Unrestricted Configuration Resolution in Umbraco.AI Leads to Sensitive...

GHSA-Q3V2-XJ35-9GRX: Unrestricted Configuration Resolution in Umbraco.AI Leads to Sensitive Information Exposure

Vulnerability ID: GHSA-Q3V2-XJ35-9GRX
CVSS Score: 4.9
Published: 2026-07-14

An information exposure vulnerability exists in Umbraco.AI package versions up to 1.13.0, where an authenticated backoffice user with elevated privileges can resolve and retrieve arbitrary configuration values from the global ASP.NET Core IConfiguration hierarchy.

TL;DR

Umbraco.AI versions <= 1.13.0 allow administrators to extract sensitive application secrets (like database connection strings) by exploiting an unrestricted dynamic configuration resolver.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-200
  • Attack Vector: Network
  • Privileges Required: High
  • CVSS v3.1 Score: 4.9 (Medium)
  • Exploit Status: Proof-of-Concept
  • CISA KEV Status: Not Listed
  • Remediation Status: Patches Released (1.14.0)

Affected Systems

  • Umbraco.AI Web Application Packages
  • Umbraco backoffice setups with LLM integrations enabled
  • Umbraco.AI: <= 1.13.0 (Fixed in: 1.14.0)
  • Umbraco.AI.Core: <= 1.13.x (Fixed in: 1.14.0)
  • Umbraco.AI.Web: <= 1.13.x (Fixed in: 1.14.0)

Mitigation Strategies

  • Upgrade Umbraco.AI and all related provider packages to version 1.14.0 or above.
  • Relocate configuration secrets under the secure Umbraco:AI:Secrets and Umbraco:AI:Variables namespaces.
  • Avoid expanding AllowedConfigurationKeyPrefixes unless strictly necessary for legacy integration support.

Remediation Steps:

  1. Open the NuGet package manager in your Umbraco project solution.
  2. Select and update Umbraco.AI, Umbraco.AI.Core, and Umbraco.AI.Web to version 1.14.0.
  3. Update any provider packages (such as Umbraco.AI.OpenAI, Umbraco.AI.Anthropic, or Umbraco.AI.Amazon) to their respective patched versions.
  4. Inspect the appsettings.json file or environment variables, and structure AI keys under 'Umbraco:AI:Secrets' or 'Umbraco:AI:Variables'.
  5. Replace backoffice connection setting references from legacy prefixes (e.g., $OpenAI:ApiKey) to the new secure prefixes (e.g., $Umbraco:AI:Secrets:OpenAIApiKey).
  6. Deploy the updated application to production and perform validation testing.

References


Read the full report for GHSA-Q3V2-XJ35-9GRX on our website for more details including interactive diagrams and full exploit analysis.