CVE-2020-36890

HIGH

Kentico Xperience - Privilege Escalation

Title source: llm
STIX 2.1

Description

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.

References (2)

Core 2
Core References
Product vendor-advisory patch
https://devnet.kentico.com/download/hotfixes

Scores

CVSS v3 7.2
EPSS 0.0029
EPSS Percentile 20.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (1)
kentico/xperience < 12.0.60
Published Dec 18, 2025
Tracked Since Feb 18, 2026