Insufficiently Protected Credentials in Progress Sitefinity Web Services
CVE-2026-7312

10CRITICAL

Key Information:

Vendor: Progress Software
Status: Sitefinity
Vendor: CVE Published:; 2 June 2026

🔔 Create Progress Software Vulnerability Alert

What is CVE-2026-7312?

This vulnerability in Progress Sitefinity allows remote unauthenticated attackers to access unencrypted credentials used to connect to the Sitefinity Insight service. Exploitation requires specific site configurations and integration with Sitefinity Insight, thus posing a significant risk to applications that do not follow best security practices. Organizations using affected versions should take immediate action to assess their configurations and implement necessary security measures to safeguard user credentials.

Affected Version(s)

Sitefinity 14.0.7700 < 14.4.8152

Sitefinity 15.0.8200 < 15.0.8234

Sitefinity 15.1.8300 < 15.1.8335

References

https://community.progress.com/s/article/Sitefinity-Secur...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Apr 28, 2026

CVE-2026-7312 Data

JSON