Improper Access Control in Progress Sitefinity Web Services
CVE-2026-7198

9.8CRITICAL

Key Information:

Vendor: Progress Software
Status: Sitefinity
Vendor: CVE Published:; 2 June 2026

🔔 Create Progress Software Vulnerability Alert

What is CVE-2026-7198?

A vulnerability in the web services of Progress Sitefinity versions prior to 15.4.8630 allows remote, unauthenticated attackers to gain access to restricted content. This flaw compromises the confidentiality, integrity, and availability of the affected systems, potentially exposing sensitive information and leading to unauthorized actions. Organizations using these versions are strongly advised to apply the necessary updates to ensure adequate protection against this threat.

Affected Version(s)

Sitefinity 15.4.8623 < 15.4.8630

References

https://community.progress.com/s/article/Sitefinity-Secur...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Apr 27, 2026

CVE-2026-7198 Data

JSON