Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
DotNetNuke May Expose Sensitive Data to Attack
GHSA-fcpv-w245-r2q7
Summary
The DotNetNuke Core code may contain areas that could allow attackers to access sensitive data. This is because of some outdated security settings, such as disabling XML document security checks and using weak encryption algorithms. To stay secure, update to the latest version of DotNetNuke Core.
What to do
- Update dotnetnuke.core to version 10.2.2.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| nuget | – | dotnetnuke.core |
>= 6.0.0, < 10.2.2 Fix: upgrade to 10.2.2
|
Original title
DotNetNuke.Core security code analysis rules triggered
Original description
The codebase raises code analysis warnings related to security, including CA3075, CA5366, CA5371, CA5368, CA5369, CA5372, CA5379, CA5350, and CA5351.
Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.
Most of these deal with disabling DTD processing in XML documents, but also includes cryptographic algorithm choices.
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 15 Apr 2026