CVE-2026-7198
Awaiting Analysis
Published: 02 Jun 2026, 13:06
Last modified:02 Jun 2026, 15:24
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.1 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 Jun 2026, 13:06
Published
Vulnerability first disclosed
02 Jun 2026, 15:24
Last Modified
Vulnerability information updated
Description
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Techniques & Countermeasures
- CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Affected Systems
- progress software•sitefinity
≥ 15.4.8623, < 15.4.8630