Critical severity9.8NVD Advisory· Published Jun 2, 2026· Updated Jun 4, 2026
CVE-2026-7198
CVE-2026-7198
Description
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.
Affected products
2cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*range: >=15.4.8623,<15.4.8630
- (no CPE)range: <15.4.8630
Patches
Vulnerability mechanics
References
1News mentions
1- Progress Sitefinity: Five CVEs Disclosed, Two Critical, on June 2ndVypr Intelligence · Jun 2, 2026