CVE 9.8 CRITICAL

CWE-284: Improper Access Control in web services in Progress Sitefinity_CVE-2026-7198

June 2, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.

AI Analysis

Improper Access Control vulnerability in Progress Sitefinity web services, allowing remote unauthenticated attackers to access restricted content.

Basic Information

ID CVE-2026-7198

Source ProgressSoftware

Published Jun 2, 2026 at 13:06

Affected Product

Vendor Progress Software

Product Sitefinity

Version 15.4.8623

Affected Versions Progress Software Sitefinity 15.4.8623

CWE Classification

CWE-284

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Progress Software

Product Sitefinity

Version 15.4.8623

References

community.progress.com /s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026

{
    "lastseen": "",
    "description": "CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.",
    "published": "2026-06-02T13:06:32.425Z",
    "modified": "2026-06-02T13:06:32.425Z",
    "type": "cve",
    "title": "CWE-284: Improper Access Control in web services in Progress Sitefinity",
    "source": "ProgressSoftware",
    "references": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026",
    "id": "CVE-2026-7198",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Progress Software Sitefinity 15.4.8623",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Sitefinity",
    "version": "15.4.8623",
    "vendor": "Progress Software",
    "ai_description": "Improper Access Control vulnerability in Progress Sitefinity web services, allowing remote unauthenticated attackers to access restricted content.",
    "ai_severity": "Critical",
    "ai_vendor": "Progress Software",
    "ai_product": "Sitefinity",
    "ai_version": "15.4.8623",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply