CVE-2022-50686 MEDIUM

CVE-2022-50686: Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure

Vendor Kentico
Product Xperience
Weakness CWE-209 · Error message info leak
Published December 18, 2025
Last update December 30, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users.

Key dates

02Disclosure timeline

December 18, 2025 CVE published
December 30, 2025 Record updated