CVE-2026-7312

Awaiting Analysis

Published: 02 Jun 2026, 13:09

Last modified:02 Jun 2026, 15:11

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

10 CRITICAL

v3.1 (cve.org)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Jun 2026, 13:09

Published

Vulnerability first disclosed

02 Jun 2026, 15:11

Last Modified

Vulnerability information updated

Description

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight and non-default site configuration.

CVSS Metrics

v3.1•CRITICAL•Score: 10CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected Systems

progress software•sitefinity
≥ 14.0.7700, < 14.4.8152 | ≥ 15.0.8200, < 15.0.8234 | ≥ 15.1.8300, < 15.1.8335 | ≥ 15.2.8400, < 15.2.8441 | ≥ 15.3.8500, < 15.3.8531 | ≥ 15.4.8600, < 15.4.8630

References (1)

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026