CVE-2026-7195
CWE-20: Improper Input Validation in web services in Progress Sitefinity
CVSS Score
8.8
EPSS Score
0.1%
EPSS Percentile
17th
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
| CWE | CWE-20 |
| Vendor | progress software |
| Product | sitefinity |
| Published | Jun 2, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for progress software sitefinity
Be the first to know when new high vulnerabilities affecting progress software sitefinity are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Progress Software / Sitefinity
14.1.0 < 14.4.0 14.4.8100 < 14.4.8152 15.0.8200 < 15.0.8234 15.1.8300 < 15.1.8335 15.2.8400 < 15.2.8441 15.3.8500 < 15.3.8531 15.4.8600 < 15.4.8630