Sitecore Managed Cloud
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sitecore Managed Cloud.
By the Year
In 2026 there have been 0 vulnerabilities in Sitecore Managed Cloud. Last year, in 2025 Managed Cloud had 3 security vulnerabilities published. Right now, Managed Cloud is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 2 | 8.65 |
It may take a day or so for new Managed Cloud vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sitecore Managed Cloud Security Vulnerabilities
RCE in Sitecore XP & XM 9.2-10.4
CVE-2025-34138
- July 25, 2025
Sitecore XP/CM File Read RCE 8.0-10.4
CVE-2025-34139
- July 25, 2025
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.
Insufficiently Protected Credentials
XSS in Sitecore XP 7.5-10.2 & CMS 7.2 via Shell
CVE-2022-4979
- July 25, 2025
A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.
XSS
Remote Code Execution in Sitecore Experience Platform & Commerce 10.3
CVE-2023-35813
9.8 - Critical
- June 17, 2023
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
Sitecore XP/XM/ XC v9.0-13.0 MVC Device Simulator Auth Bypass
CVE-2023-33651
7.5 - High
- June 06, 2023
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sitecore Managed Cloud or by Sitecore? Click the Watch button to subscribe.
