kentico is vulnerable to remote code execution (RCE). Failure to validate security headers allow an attacker to bypass authentication and perform unsafe deserialization using a malicious .NET object input, which would lead to remote code execution on the server.