CVE-2026-7195
Essential information
- Published
- 02/06/2026 14:17
- Modified
- 02/06/2026 14:48
- Author
- —
- Creator
- —
- CVSS
- 8.8 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
NVD status
- Status
- Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:14.1:*:*:*:*:*:*:* |
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:14.2:*:*:*:*:*:*:* |
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:14.3:*:*:*:*:*:*:* |
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:14.4:<14.4.8152:*:*:*:*:*:* |
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:15.0:<15.0.8234:*:*:*:*:*:* |
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:15.1:<15.1.8335:*:*:*:*:*:* |
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:15.2:<15.2.8441:*:*:*:*:*:* |
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:15.3:<15.3.8531:*:*:*:*:*:* |
| progress / sitefinity | cpe:2.3:a:progress:sitefinity:15.4:<15.4.8630:*:*:*:*:*:* |