High severity8.7NVD Advisory· Published Jun 2, 2026· Updated Jun 4, 2026
CVE-2026-7313
CVE-2026-7313
Description
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, non-default site configuration and valid back-end authorization.
Affected products
2cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*range: >=8.0.5700,<13.3.7652
- (no CPE)range: 8.0.5700 - 13.3.7652
Patches
Vulnerability mechanics
References
1News mentions
1- Progress Sitefinity: Five CVEs Disclosed, Two Critical, on June 2ndVypr Intelligence · Jun 2, 2026