VYPR
Critical severity9.8NVD Advisory· Published Jun 2, 2026· Updated Jun 4, 2026

CVE-2026-7198

CVE-2026-7198

Description

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.

Affected products

2
  • cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*range: >=15.4.8623,<15.4.8630
    • (no CPE)range: <15.4.8630

Patches

Vulnerability mechanics

References

1

News mentions

1