Security vulnerability found - immediate action recommended

During one of the regular security audits of the core carried out by independent security firms (in this case, MWR Labs), a severe security vulnerability was found in the integration web services of Umbraco. We recommend that everyone take immediate action to prevent any exploit.

More details will come in a few weeks when people have had a chance to update their installations, but for now we ask you to remove the following file from all your Umbraco installations:

/bin/umbraco.webservices.dll

The security vulnerability affects all versions of Umbraco that contain the file above. If your installation doesn’t contain the file, you’re not affected.

If you DO have this dll in your bin folder and you absolutely cannot live without it, then there's a secured version available for Umbraco 4 and for Umbraco 6.

This will not affect the daily use of your Umbraco installation. It *might* affect integration with your Umbraco installation, but less than 1% use the integration web services. For those who do use the integration web services we recommend that you get in touch with sebastiaan@umbraco.com.

We’re sorry for the inconvenience.

Edit:

  • If you do use the webservices in your custom code, adding IP restrictions to /umbraco/webservices/api/ can be an option to secure your servers instead.
  • Load balancing setups should not be affected by the removal of the dll; the cacherefresher code for that is in a different dll.
  • uComponents v3+ should not be affected.
  • The umbraco.webservices.dll file has not been included for a while in some Umbraco releases due to a bug in our build environment, so if you can't find it, you're not affected by this issue.
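
On a server hosting several sites, the removal step above can be applied in one pass. The script below is an added example, not code from Umbraco: it finds every bin\umbraco.webservices.dll under a sites root and moves it out of the web root. The `$SitesRoot` and `$QuarantineRoot` paths are assumptions, as is the choice to move the file to a quarantine folder rather than delete it.

```powershell
# Added example: locate and quarantine umbraco.webservices.dll on an IIS host.
# Assumptions (not from the advisory): sites live under $SitesRoot, and the
# removed copies are kept in $QuarantineRoot, which is outside any web root.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SitesRoot      = 'C:\inetpub',           # assumed sites location
    [string]$QuarantineRoot = 'C:\UmbracoQuarantine'  # assumed quarantine folder
)

$targetName = 'umbraco.webservices.dll'

# Only copies sitting directly in a "bin" folder match the path in the advisory.
$hits = Get-ChildItem -Path $SitesRoot -Recurse -File -Filter $targetName -ErrorAction SilentlyContinue |
    Where-Object { $_.Directory.Name -ieq 'bin' }

if (-not $hits) {
    Write-Output "No $targetName found under $SitesRoot."
    return
}

$report = foreach ($file in $hits) {
    $siteDir = $file.Directory.Parent.FullName
    # One quarantine folder per site, so identically named copies do not collide.
    $safeName = ($siteDir -replace '[:\\/]+', '_').Trim('_')
    $dest     = Join-Path $QuarantineRoot $safeName
    $moved    = $false

    # Honours -WhatIf / -Confirm: nothing is moved during a dry run.
    if ($PSCmdlet.ShouldProcess($file.FullName, "Move to $dest")) {
        New-Item -ItemType Directory -Path $dest -Force | Out-Null
        Move-Item -LiteralPath $file.FullName -Destination $dest -Force
        $moved = -not (Test-Path -LiteralPath $file.FullName)
    }

    [pscustomobject]@{
        Site        = $siteDir
        FileVersion = $file.VersionInfo.FileVersion
        Removed     = $moved
    }
}

$report | Format-Table -AutoSize
```

Running it with `-WhatIf` first lists the affected installations without touching them. Changing the contents of a bin folder restarts the ASP.NET application for that site.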
