Kentico Security Vulnerabilities (CVE)
Explore vulnerabilities and security advisories affecting Kentico products.
26 known CVE vulnerabilities tracked
All Kentico CVEs
An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling unauthorized
An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer header when users interact with third-party domains. Sensitive virtual context information can be exposed to external domains through page builder interactions and link/ima