Intrusion Prevention

Sitecore.Experience.ViewState.Insecure.Deserialization

Description

This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Sitecore Experience.
The vulnerability is due to insufficient validation of user-supplied inputs. A remote attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in remote code execution.

Affected Products

Sitecore Experience Manager (XM) through 9.0
Sitecore Experience Platform (XP) through 9.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2026-02-03	35.162	Modified	Default_action:pass:drop
2026-01-20	35.154	New

ID	60020
Created	Jan 19, 2026
Updated	Feb 02, 2026
CVE ID
Tags	Threat Signal
Risk
Known Exploited	Yes
Exploit Prediction Score	10.07%
Default Action	drop
Active
Affected OS	Windows
Affected App	ASP_app
Profile Type	Permission/Privilege/Access Control

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

Sitecore.Experience.ViewState.Insecure.Deserialization

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

Sitecore.Experience.ViewState.Insecure.Deserialization

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center