What is CVE-2026-7195?

CVE-2026-7195 is a high-severity vulnerability in Progress Sitefinity, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2026-06-02.

How severe is CVE-2026-7195?

High severity. CVSS v3 base score is 8.8 out of 10.

Improper input validation in Progress Sitefinity

CVE-2026-7195

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (17.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Progress Sitefinity
Progress Software Sitefinity — versions 14.1.0, 14.4.8100, 15.0.8200

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

security@progress.com (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2026-7195?: CVE-2026-7195 is a high-severity vulnerability in Progress Sitefinity, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2026-06-02.
How severe is CVE-2026-7195?: High severity. CVSS v3 base score is 8.8 out of 10.