Unrated severityCISA KEVNVD Advisory· Published Mar 26, 2019· Updated Oct 21, 2025
CVE-2019-10068
CVE-2019-10068
Description
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: >=9.0.0, <12.0.15
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.htmlmitrex_refsource_MISC
- devnet.kentico.com/download/hotfixesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.