CVE-2026-27449, Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
Source: Endorlabs
Published:
<p>A vulnerability has been identified in Umbraco Engage where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the network without requiring a valid session or user credentials. By supplying a user-contr