High severity8.8NVD Advisory· Published Jun 2, 2026· Updated Jun 4, 2026
CVE-2026-7195
CVE-2026-7195
Description
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
Affected products
2cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*range: >=14.1.7800,<14.4.8152
- (no CPE)range: 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630
Patches
Vulnerability mechanics
References
1News mentions
1- Progress Sitefinity: Five CVEs Disclosed, Two Critical, on June 2ndVypr Intelligence · Jun 2, 2026