GHSA-7jxj-rpx7-ph2c: Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

January 22, 2026

Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should require authentication.

References

github.com/advisories/GHSA-7jxj-rpx7-ph2c
github.com/umbraco/Umbraco.Forms.Issues
github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-7jxj-rpx7-ph2c

Code Behaviors & Features

Detect and mitigate GHSA-7jxj-rpx7-ph2c with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →