CVE-2026-7195
Published:June 02, 2026
Updated:June 07, 2026
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
Affected Packages
telerik.sitefinity.core (NUGET):
Affected version(s) >=15.0.8200 <15.0.8234Fix Suggestion:
Update to version 15.0.8234telerik.sitefinity.core (NUGET):
Affected version(s) >=15.1.8300 <15.1.8335Fix Suggestion:
Update to version 15.1.8335telerik.sitefinity.core (NUGET):
Affected version(s) >=15.4.8600 <15.4.8630Fix Suggestion:
Update to version 15.4.8630telerik.sitefinity.core (NUGET):
Affected version(s) >=14.4.8100 <14.4.8152Fix Suggestion:
Update to version 14.4.8152telerik.sitefinity.core (NUGET):
Affected version(s) >=15.2.8400 <15.2.8441Fix Suggestion:
Update to version 15.2.8441telerik.sitefinity.core (NUGET):
Affected version(s) >=15.3.8500 <15.3.8531Fix Suggestion:
Update to version 15.3.8531Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Input Validation
EPSS
Base Score:
0.02