CVE-2026-7312 · PATCHED · CVSS 10.0
progress · sitefinity

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

Description

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity versions from 14.0.7700 to 14.4.8152, 15.0.8200 to 15.0.8234, 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight and a non-default site configuration.

Affected Products

Vendor | Product | Versions
progress | sitefinity | 14.0.7700, 15.0.8200, 15.1.8300, 15.2.8400, 15.3.8500, 15.4.8600

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
progress | sitefinity | cert_advisory | 90%

References

  • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026 (vendor-advisory)

Related News (3 articles)

Tier B · CCCS Canada · 26d ago
Progress security advisory (AV26-552)
→ No new info (linked only)

Tier B · BSI Advisories · 28d ago
[NEW] [high] Progress Software Sitefinity: Multiple vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 29d ago
CVE-2026-7312 | Progress Sitefinity up to 15.4.8629 Web Services insufficiently protected credentials
→ No new info (linked only)

CVSS 3.1: 10.0 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 14.4.8152, 15.0.8234, 15.1.8335, 15.2.8441, 15.3.8531, 15.4.8630
Published: Jun 2, 2026
Last enriched: 29d ago (v2)
Tags: CVE-2026-7312
Trending Score: 3
Source articles: 3
Independent: 3
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

CRITICAL · CVE-2026-8037 · EXP · KEV
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
Trending: 126

CRITICAL · CVE-2026-7198
CWE-284: Improper Access Control in web services in Progress Sitefinity
Trending: 4

HIGH · CVE-2026-7313
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
Trending: 3

HIGH · CVE-2026-7201
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
Trending: 3

HIGH · CVE-2026-7195 · EXP
CWE-20: Improper Input Validation in web services in Progress Sitefinity
Trending: 2

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 2, 2026
Discovered by ZDM: Jun 2, 2026
Updated: affectedVersions, cweIds, tags: Jun 2, 2026
Patch Available: Jun 3, 2026

Version History

Current version: v2 (last enriched 29d ago)

v2 · Tier C · 29d ago (via VulDB)
Added affected version 15.4.8629, updated exploit availability to false, and included CWE-522 and CVE-2026-7312 tags.
Fields changed: affectedVersions, cweIds, tags

v1 · 29d ago
Initial creation