CVE-2019-9874CISA KEVEPSS p99.7%
CVE-2019-9874Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Sitecore / CMS and Experience Platform (XP)
Description
Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
Scoring
| EPSS | 83.86% probability of exploitation · percentile 99.7% · 2026-06-16T12:03:06Z |
CISA KEV entry
Added to KEV: 2025-03-26
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Sitecore CMS and Experience Platform (XP) Deserialization Vulnerabilitykev-cve-2019-9874 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.