CVE-2026-7195
Analyzed Analyzed - Analysis Complete

Improper Input Validation in Progress Sitefinity

Vulnerability report for CVE-2026-7195, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-02

Last updated on: 2026-06-04

Assigner: Progress Software Corporation

Description

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-02
Last Modified
2026-06-04
Generated
2026-07-13
AI Q&A
2026-06-02
EPSS Evaluated
2026-07-11
NVD
EUVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
progress sitefinity From 15.0.8200 (inc) to 15.0.8234 (exc)
progress sitefinity From 15.1.8300 (inc) to 15.1.8335 (exc)
progress sitefinity From 15.2.8400 (inc) to 15.2.8441 (exc)
progress sitefinity From 15.3.8500 (inc) to 15.3.8531 (exc)
progress sitefinity From 15.4.8600 (inc) to 15.4.8630 (exc)
progress sitefinity From 14.1.7800 (inc) to 14.4.8152 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an improper input validation issue (CWE-20) found in Progress Sitefinity versions 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630.

It allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts by exploiting improper input validation in web services.

Successful exploitation requires user interaction and a non-default site configuration.

Impact Analysis

Exploitation of this vulnerability can lead to a compromise of the integrity and confidentiality of user accounts.

This means attackers could potentially access, modify, or steal sensitive user information.

The CVSS v3.1 base score of 8.8 indicates a high severity impact, including high confidentiality, integrity, and availability impacts.

Compliance Impact

This vulnerability allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts in Progress Sitefinity. Such a compromise of confidentiality and integrity could potentially lead to violations of data protection requirements under common standards and regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.

However, the provided information does not explicitly describe the direct impact on compliance with these standards or regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7195. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart