
Description

An access control bypass vulnerability in Kentico Xperience allows administrators to modify the privileges of global administrator users via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.

PUBLISHED | Reserved 2025-12-09 | Published 2025-12-18 | Updated 2025-12-18 | Assigner VulnCheck

HIGH: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

Missing Authorization

Product status

Any version: affected

Credits

Denis Styopochkin - Security Engineer, SoftServe (finder)

References

devnet.kentico.com/download/hotfixes (Kentico DevNet Hotfixes) vendor-advisory patch

www.vulncheck.com/...nce-administrator-access-control-bypass (VulnCheck Advisory: Kentico Xperience <= 10 Administrator Access Control Bypass) third-party-advisory

cve.org (CVE-2020-36890)

nvd.nist.gov (CVE-2020-36890)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.