Progress Sitefinity Credentials Vulnerability - 20260715001¶
Overview¶
Insufficiently Protected Credentials in web services in Progress Sitefinity allows a remote unauthenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight and non-default site configuration.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Sitefinity CMS and Sitefinity Insight | 14.X prior to 14.4.8152 15.0.X prior to 15.0.8234 15.1.X prior to 15.1.8335 15.2.X prior to 15.2.8441 15.3.X prior to 15.3.8531 15.4.X prior to 15.4.8630 |
CVE-2026-7312 | 10.0 | Critical |
What has been observed?¶
The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):