CVE-2026-7198

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
02/06/2026
Last modified:
04/06/2026

Description

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:* 15.4.8623 (including) 15.4.8630 (excluding)