Vulnerability in Progress Sitefinity
CVE-2026-7312
CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity, versions 14.0.7700 to 14.4.8152, 15.0.8200 to 15.0.8234, 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600…
EPSS: 0.000 (9.9th percentile)
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Progress Sitefinity
- Progress Software Sitefinity — versions 14.0.7700, 15.0.8200, 15.1.8300
Weakness classification (CWE)
- CWE-522: Insufficiently Protected Credentials
References
- security@progress.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2026-7312?
  CVE-2026-7312 is a critical-severity vulnerability in Progress Sitefinity, classified under Insufficiently Protected Credentials. CVSS score: 10.0/10. Published 2026-06-02.
- How severe is CVE-2026-7312?
  Critical severity. CVSS v3 base score is 10.0 out of 10.