CVE-2026-7195
Analyzed Analyzed - Analysis Complete
Improper Input Validation in Progress Sitefinity

Publication date: 2026-06-02

Last updated on: 2026-06-04

Assigner: Progress Software Corporation

Description
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-04
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-7195
EUVD
EUVD-2026-33918
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
progress sitefinity From 15.0.8200 (inc) to 15.0.8234 (exc)
progress sitefinity From 15.1.8300 (inc) to 15.1.8335 (exc)
progress sitefinity From 15.2.8400 (inc) to 15.2.8441 (exc)
progress sitefinity From 15.3.8500 (inc) to 15.3.8531 (exc)
progress sitefinity From 15.4.8600 (inc) to 15.4.8630 (exc)
progress sitefinity From 14.1.7800 (inc) to 14.4.8152 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper input validation issue (CWE-20) found in Progress Sitefinity versions 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630.

It allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts by exploiting improper input validation in web services.

Successful exploitation requires user interaction and a non-default site configuration.

Impact Analysis

Exploitation of this vulnerability can lead to a compromise of the integrity and confidentiality of user accounts.

This means attackers could potentially access, modify, or steal sensitive user information.

The CVSS v3.1 base score of 8.8 indicates a high severity impact, including high confidentiality, integrity, and availability impacts.

Compliance Impact

This vulnerability allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts in Progress Sitefinity. Such a compromise of confidentiality and integrity could potentially lead to violations of data protection requirements under common standards and regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.

However, the provided information does not explicitly describe the direct impact on compliance with these standards or regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7195. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart