CVE-2026-7195
CVE-2026-7195 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Progress | Sitefinity | >= 14.1.7800, < 14.4.8152 |
| Progress | Sitefinity | >= 15.0.8200, < 15.0.8234 |
| Progress | Sitefinity | >= 15.1.8300, < 15.1.8335 |
| Progress | Sitefinity | >= 15.2.8400, < 15.2.8441 |
| Progress | Sitefinity | >= 15.3.8500, < 15.3.8531 |
| Progress | Sitefinity | >= 15.4.8600, < 15.4.8630 |
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
