CVE-2026-7195

EUVD-2026-33918
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
progresssitefinity
14.1.7800 ≤
𝑥
< 14.4.8152
progresssitefinity
15.0.8200 ≤
𝑥
< 15.0.8234
progresssitefinity
15.1.8300 ≤
𝑥
< 15.1.8335
progresssitefinity
15.2.8400 ≤
𝑥
< 15.2.8441
progresssitefinity
15.3.8500 ≤
𝑥
< 15.3.8531
progresssitefinity
15.4.8600 ≤
𝑥
< 15.4.8630
𝑥
= Vulnerable software versions