{"data":{"id":"3ad32281-e450-4b5f-893e-b2edc3ded28f","title":"GHSA-q3v2-xj35-9grx: Umbraco.AI discloses sensitive application configuration values","summary":"A vulnerability in Umbraco.AI could allow users with high-level permissions to expose sensitive configuration values, like passwords and credentials, under certain setups. The vulnerability requires access to the AI section of the admin panel and a specific custom AI provider, which limits how many systems are at risk.","solution":"Patched in version 1.14.0. The source notes that a workaround is not recommended because the patch involves breaking changes that require a full version upgrade.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-q3v2-xj35-9grx","publishedAt":"2026-07-14T19:59:45.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":["Umbraco.AI@<= 1.13.0 (fixed: 1.14.0)"],"affectedVendors":[],"affectedVendorsRaw":["Umbraco.AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-07-14T19:59:45.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}