CVE-2026-7195

EUVD-2026-33918
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ProgressSoftwareCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
progresssitefinity
14.1.0 ≤
𝑥
< 14.4.0
CNA
progresssitefinity
14.4.8100 ≤
𝑥
< 14.4.8152
CNA
progresssitefinity
15.0.8200 ≤
𝑥
< 15.0.8234
CNA
progresssitefinity
15.1.8300 ≤
𝑥
< 15.1.8335
CNA
progresssitefinity
15.2.8400 ≤
𝑥
< 15.2.8441
CNA
progresssitefinity
15.3.8500 ≤
𝑥
< 15.3.8531
CNA
progresssitefinity
15.4.8600 ≤
𝑥
< 15.4.8630
CNA
Common Weakness Enumeration
References
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026