GHSA-q3v2-xj35-9grx: Umbraco.AI discloses sensitive application configuration values
Summary
A vulnerability in Umbraco.AI could allow users with high-level permissions to expose sensitive configuration values, like passwords and credentials, under certain setups. The vulnerability requires access to the AI section of the admin panel and a specific custom AI provider, which limits how many systems are at risk.
Solution / Mitigation
Patched in version 1.14.0. The source notes that a workaround is not recommended because the patch involves breaking changes that require a full version upgrade.
Classification
Affected Vendors
Affected Packages
Related Issues
GHSA-382c-vx95-w3p5: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
CVE-2026-2589: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure
Original source: https://github.com/advisories/GHSA-q3v2-xj35-9grx
First tracked: July 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%