CVE detail
CVE-2019-10068: Kentico Xperience Deserialization of Untrusted Data Vulnerability
Source: CISA Known Exploited Vulnerabilities catalog
- Vendor / product: Kentico · Xperience
- Date added (KEV): Mar 25, 2022
- CISA due date: Apr 15, 2022
- Ransomware campaign use: Unknown
From CISA
Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution.
https://nvd.nist.gov/vuln/detail/CVE-2019-10068
References
- https://devnet.kentico.com/download/hotfixes#securityBugs-v12 (Release Notes, Vendor Advisory)
- http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html (Exploit, Third Party Advisory, VDB Entry)
Other recent CVEs from Kentico
- CVE-2025-2749: Kentico Xperience, Kentico Xperience Path Traversal Vulnerability
- CVE-2025-2746: Xperience CMS, Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
- CVE-2025-2747: Xperience CMS, Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability