CVE-2026-7195
Improper Input Validation in Progress Sitefinity
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: Progress Software Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| progress | sitefinity | From 14.1 (inc) to 14.4.8152 (exc) |
| progress | sitefinity | to 14.4.8152 (exc) |
| progress | sitefinity | to 15.0.8234 (exc) |
| progress | sitefinity | to 15.1.8335 (exc) |
| progress | sitefinity | to 15.2.8441 (exc) |
| progress | sitefinity | to 15.3.8531 (exc) |
| progress | sitefinity | to 15.4.8630 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper input validation issue (CWE-20) found in Progress Sitefinity versions 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630.
It allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts by exploiting improper input validation in web services.
Successful exploitation requires user interaction and a non-default site configuration.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to a compromise of the integrity and confidentiality of user accounts.
This means attackers could potentially access, modify, or steal sensitive user information.
The CVSS v3.1 base score of 8.8 indicates a high severity impact, including high confidentiality, integrity, and availability impacts.