1K-Off

**Name of the Vulnerable Software and Affected Versions** Umbraco versions prior to 10.6.1 Umbraco versions prior to 11.4.2 Umbraco versions prior to 12.0.1 **Description** Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions, potentially leading to unauthorized access to the backoffice. **Recommendations** For versions prior to 10.6.1, update to version 10.6.1 or later. For versions prior to 11.4.2, update to version 11.4.2 or later. For versions prior to 12.0.1, update to version 12.0.1 or later. As a temporary workaround, consider enabling the Unattended Install feature to prevent exploitation. Additionally, enabling IP restrictions to `/install/*` and `/umbraco/*` can limit exposure to allowed IP addresses.