Vulnerability disclosure program
At Kentico, we are committed to delivering secure products. While our internal security team works hard to identify vulnerabilities before they reach production, we recognize the value of external expertise.
If you believe you've found a security vulnerability, we encourage you to report it to us so that we can assess and remediate the issue.
Responsible Disclosure
Researchers may not publicly disclose vulnerabilities (share details with anyone other than authorized Kentico employees) or otherwise share vulnerabilities with third parties without explicit written permission from Kentico. This gives us enough time to properly address issues before the report is made public.
Legal Terms
In connection with your participation in this program, you agree to comply with the Kentico Privacy Policy and all applicable laws and regulations, including any laws or regulations governing privacy or the lawful processing of data. Kentico reserves the right to change or modify the terms and conditions of this program at any time.
Safe Harbor
Kentico will not initiate a lawsuit or law enforcement investigation against a researcher in response to reporting a vulnerability if the researcher does so in good faith without performing any malicious actions before, during, or after the issue is reported.
Reporting Guidelines
Please report the vulnerability by emailing a report to security@kentico.com. Please follow the responsible disclosure rules and keep the issue private until we have a chance to address it.
Please include a step-by-step proof of concept (PoC) demonstrating your findings so we can verify their validity. To ensure an effective review process, please provide complete and detailed information about the vulnerability. While we can't promise specific timeframes for our replies, we aim to respond as promptly as possible. Incomplete reports may not be addressed.