CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-7198

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.4%

CVSS Severity

CVSS v3 Score 9.8

References

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026

Products affected by CVE-2026-7198

Progress » Sitefinity » Version: 15.4.8623

cpe:2.3:a:progress:sitefinity:15.4.8623
Progress » Sitefinity » Version: 15.4.8624

cpe:2.3:a:progress:sitefinity:15.4.8624
Progress » Sitefinity » Version: 15.4.8625

cpe:2.3:a:progress:sitefinity:15.4.8625
Progress » Sitefinity » Version: 15.4.8626

cpe:2.3:a:progress:sitefinity:15.4.8626
Progress » Sitefinity » Version: 15.4.8627

cpe:2.3:a:progress:sitefinity:15.4.8627
Progress » Sitefinity » Version: 15.4.8628

cpe:2.3:a:progress:sitefinity:15.4.8628
Progress » Sitefinity » Version: 15.4.8629

cpe:2.3:a:progress:sitefinity:15.4.8629

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-7198

Products

Pricing

Contact Us