Skip to content

Progress Sitefinity Credentials Vulnerability - 20260715001

Overview

Insufficiently Protected Credentials in web services in Progress Sitefinity allows a remote unauthenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight and non-default site configuration.

What is vulnerable?

Product(s) Affected Version(s) CVE CVSS Severity
Sitefinity CMS and Sitefinity Insight 14.X prior to 14.4.8152
15.0.X prior to 15.0.8234
15.1.X prior to 15.1.8335
15.2.X prior to 15.2.8441
15.3.X prior to 15.3.8531
15.4.X prior to 15.4.8630
CVE-2026-7312 10.0 Critical

What has been observed?

The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.

Recommendation

The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):