CyberSec.Space Logo
Back to CVE Browser

CVE-2020-36890

HIGH
7.2
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile0.02th
PublishedDec 18, 2025
Last ModifiedDec 24, 2025

Vulnerability Description

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.

Affected Platforms (CPE)

📦
Kentico

Xperience

<= 12.0.60

References & Advisories

🔗 https://devnet.kentico.com/download/hotfixes
🔗 https://www.vulncheck.com/advisories/kentico-xperience-administrator-access-control-bypass

Related Vulnerabilities

CVE-2025-27499.1

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload a...

CVE-2021-477118.8

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketi...

CVE-2019-252298.8

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload a...

CVE-2021-477127.5

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hash...