What is CVE-2022-50682?

CVE-2022-50682 is a medium-severity vulnerability in Kentico Xperience, classified under CRLF Injection. CVSS score: 6.5/10. Published 2025-12-18.

How severe is CVE-2022-50682?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Kentico Xperience

CVE-2022-50682

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web applicatio…

Vulnerability class: CRLF Injection

EPSS: 0.000 (9.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Kentico Xperience — versions 0

Weakness classification (CWE)

CWE-93 — CRLF Injection

References

Kentico DevNet Hotfixes (vendor-advisory, patch)
VulnCheck Advisory: Kentico Xperience <= 13.0.79 Routing Engine CRLF Injection (third-party-advisory)

Frequently asked questions

What is CVE-2022-50682?: CVE-2022-50682 is a medium-severity vulnerability in Kentico Xperience, classified under CRLF Injection. CVSS score: 6.5/10. Published 2025-12-18.
How severe is CVE-2022-50682?: Medium severity. CVSS v3 base score is 6.5 out of 10.