CVE-2026-7198
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
02/06/2026
Last modified:
04/06/2026
Description
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:* | 15.4.8623 (including) | 15.4.8630 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



