CVE-2026-7195

HIGH

CWE-20: Improper Input Validation in web services in Progress Sitefinity

Title source: cna

Description

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026

Scores

CVSS v3 8.8

EPSS 0.0037

EPSS Percentile 28.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (8)

progress/sitefinity 14.1.7800 - 14.4.8152

Progress Software/Sitefinity 14.1.0 - 14.4.0

Progress Software/Sitefinity 14.4.8100 - 14.4.8152

Progress Software/Sitefinity 15.0.8200 - 15.0.8234

Progress Software/Sitefinity 15.1.8300 - 15.1.8335

Progress Software/Sitefinity 15.2.8400 - 15.2.8441

Progress Software/Sitefinity 15.3.8500 - 15.3.8531

Progress Software/Sitefinity 15.4.8600 - 15.4.8630

Published Jun 02, 2026

Tracked Since Jun 02, 2026