A New Umbraco Security Advisory Has Been Released

If your website is running Umbraco 10 or 13, it’s time to take immediate action. On 24 June 2025, Umbraco HQ released a moderate-severity security advisory addressing a vulnerability that could expose details about your site’s password complexity settings. While no passwords are leaked directly, this information could support brute-force attack attempts.

Published: Jun 24, 2025


What's the Issue

A flaw has been identified that allows anonymous users to access an API endpoint exposing password configuration data for the Umbraco back office.

While this doesn’t reveal actual passwords, it does give insight into the strength of the enforced password policy, information that could be exploited by attackers.

Who Is Affected?

The following versions are vulnerable:

  • Umbraco 13.0.0 to 13.9.1
  • Umbraco 10.0.0 to 10.8.10

If you're running any of these, you're at risk, particularly if you're not on Umbraco Cloud or haven't enabled automatic patching.

Running an unsupported version?
These won’t receive future patches. Now is the time to upgrade to a supported major version, and we can help with that.
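To check a source checkout against the ranges listed above, the installed version can be read from the site's project file. The following is an added example, not code from Umbraco HQ or from this article: it reads `Umbraco.Cms` package references from a .csproj (the sample file is constructed) and compares them with the two affected ranges. Pre-release tags are ignored, and floating or missing versions are reported as undetermined.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as listed in this article (inclusive on both ends).
AFFECTED = [((13, 0, 0), (13, 9, 1)), ((10, 0, 0), (10, 8, 10))]

# Constructed sample project file; a real one sits in your site's source tree.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Umbraco.Cms" Version="13.9.1" />
    <PackageReference Include="Serilog" Version="3.1.1" />
  </ItemGroup>
</Project>"""

def parse_version(text):
    """Return (major, minor, patch) for '13.9.1' or '13.9.1-rc1', else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def is_affected(version_text):
    """True/False for a fixed version; None for floating or malformed values."""
    v = parse_version(version_text)
    if v is None:
        return None
    return any(low <= v <= high for low, high in AFFECTED)

def umbraco_versions(csproj_xml):
    """Yield (package, version) for each Umbraco.Cms* reference in a .csproj."""
    root = ET.fromstring(csproj_xml)
    for ref in root.iter("PackageReference"):
        name = ref.get("Include", "")
        if name == "Umbraco.Cms" or name.startswith("Umbraco.Cms."):
            # Version can be an attribute or a child element; it is absent
            # when versions are managed centrally, which yields "".
            version = ref.get("Version") or ref.findtext("Version") or ""
            yield name, version

def audit(csproj_xml):
    """Map each Umbraco package reference to (version, affected status)."""
    return {n: (v, is_affected(v)) for n, v in umbraco_versions(csproj_xml)}

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not in listed ranges", None: "undetermined"}
    for name, (ver, hit) in audit(SAMPLE_CSPROJ).items():
        print(f"{name} {ver or '(no version)'}: {labels[hit]}")
```

An "undetermined" result means the version is set elsewhere (for example a wildcard or a central package file) and should be confirmed in the back office.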

Why It Matters

Keeping your CMS updated isn’t just a “nice to have”; it’s a vital part of maintaining trust, performance and compliance. Vulnerabilities like this may seem small, but they often act as stepping stones to more serious breaches.

By staying patched and using supported versions, you're proactively safeguarding your site, your customers, and your brand.

How to Check Your Version

If you have back-office access, you can check your current version by clicking the question mark (?) next to your avatar in the top right of the back office.

Get a Free Upgrade

If you're running an older or unpatched Umbraco site, we’re currently offering a free full upgrade to the latest long-term support version when you sign up for our Standard Maintenance Plan (£500/month, 12-month minimum).

This includes:

  • Full health check & eligibility assessment
  • Upgrade to the latest secure Umbraco LTS version
  • Regression testing & staging setup
  • DNS switch-over support
  • Ongoing patching, monitoring & dev hours every month


Why Choose Helitz?

We’re a trusted white-label Umbraco development partner to agencies and brands across the UK. Whether you manage one site or dozens, our upgrade and support model is built to be seamless, transparent and secure.

Here’s what our partners say:

“Helitz work as an extension to our team... always makes for seamless collaboration.”
-  Oli, Founder, Absurd Ltd

“Helitz played a critical role in helping us execute a high-impact digital campaign.”
-  Creative Lead, Lancashire Agency

“Delivered on time and within budget.”
-  PM, Manchester
