Vulnerability intelligence

CVE-2026-7198

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.

CVSS Score

9.8

Critical

EPSS — Exploit Probability

0.3%

Riskier than 51% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

Patch available

Vendor fix published

NVD entry Vendor patch PoC / advisory

1 article across 1 outlet · first covered Jun 8, 2026 · latest Jun 8, 2026

Coverage timeline

Critical Sitefinity Vulnerabilities: CVSS 10.0 Security Alert
securityonline.info · Jun 8, 2026