CVE-2026-46616
MEDIUM 5.4 Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

Description
### Impact

Some of the Surface Controllers that the CMS provides to support member-related operations fail to validate redirect URLs, making Razor templates that derive `RedirectUrl` from user-controlled query parameters vulnerable to malicious redirect attacks.

### Patches

The issue is resolved in versions 17.4.0 and 13.14.0.

### Workarounds

If users cannot upgrade immediately, they can mitigate the issue in their own site by ensuring every Razor form that posts to `UmbLoginStatusController`, `UmbProfileController` or `UmbRegisterController` passes a concrete, trusted `RedirectUrl` into `Html.BeginUmbracoForm`'s route values. For example:

```cshtml
@using (Html.BeginUmbracoForm<UmbLoginStatusController>(
    "HandleLogout",
    new { RedirectUrl = Model.Url() }))
{
    <button type="submit">Log out</button>
}
```

### Resources

- https://github.com/umbraco/Umbraco-CMS/pull/22565
- https://github.com/umbraco/Umbraco-CMS/pull/22561
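The workaround above hard-codes a trusted `RedirectUrl`, which is the simplest fix. Sites that cannot upgrade yet but still need a post-login "return to where you were" flow can instead validate the candidate before handing it to the form. The helper below is an added example written for this advisory; it is not Umbraco's code and is not part of the patches linked above. It assumes the site reads a query parameter it names `returnUrl` (an assumption) and treats only path-relative, same-site URLs as safe, falling back to the current page otherwise.

```csharp
// Added example (not Umbraco's own code). Defensive helper that decides whether a
// user-supplied redirect target may be passed as RedirectUrl to an Umbraco Surface
// Controller form. Only path-relative URLs on the same site are accepted.
using System;

public static class SafeRedirect
{
    // Returns true only for same-site, path-relative URLs such as "/members/profile".
    // Rejects absolute URLs ("https://other.example/"), protocol-relative URLs
    // ("//other.example/"), backslash variants ("/\other.example") that some browsers
    // normalise into a host separator, and anything containing control characters.
    public static bool IsSafeLocalRedirect(string? url)
    {
        if (string.IsNullOrWhiteSpace(url)) return false;
        if (url.Length > 2048) return false;                  // arbitrary sanity limit

        // Must begin with exactly one "/" and not be followed by "/" or "\".
        if (url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;

        foreach (char c in url)
        {
            if (c == '\\' || char.IsControl(c)) return false;
        }

        // Final check: it must parse as a relative URI (no scheme, no authority).
        return Uri.TryCreate(url, UriKind.Relative, out _);
    }

    // Returns the candidate when it is safe, otherwise the supplied trusted fallback
    // (for example the URL of the page rendering the form).
    public static string SafeRedirectOrFallback(string? candidate, string fallback)
        => IsSafeLocalRedirect(candidate) ? candidate! : fallback;
}

// Razor usage (shown here as comments so this file stays plain C#).
//
// Pattern the advisory warns about: RedirectUrl taken straight from the query string.
//   new { RedirectUrl = Context.Request.Query["returnUrl"].ToString() }
//
// Hardened form: validate first, fall back to the current page.
//   @using (Html.BeginUmbracoForm<UmbLoginStatusController>(
//       "HandleLogout",
//       new { RedirectUrl = SafeRedirect.SafeRedirectOrFallback(
//                               Context.Request.Query["returnUrl"], Model.Url()) }))
//   {
//       <button type="submit">Log out</button>
//   }
```

The check is deliberately stricter than a generic "is this a URL" test: it accepts only a leading single slash and rejects both `//host` and `/\host`, because the advisory's issue is precisely that the controllers did not enforce a same-site constraint on the target. Upgrading to a fixed version remains the proper remedy; the helper only narrows exposure in templates that must accept a dynamic return target until then.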
Affected packages (1)
- NuGet / Umbraco.Cms: from 0, < 13.14.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |