cvedb.io
CVE-2021-42237
CRITICAL · CVSS 9.8 ⚠ KEV — EXPLOITED
EPSS exploitation probability: 100%
⚠ Listed in the CISA Known Exploited Vulnerabilities catalog — actively exploited.
Published 2022-03-25 · Last modified 2026-07-06T12:39:58.677

Summary

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Affected products

Sitecore — XP

Does this affect you?

Add your gear to cvedb and we'll alert you only when Sitecore ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.