Perceptive Security
SOC/SIEM Consultancy
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8…
Published:
1 June 2026 at 22:00:00
Alert date:
2 June 2026 at 15:00:52
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
CVE-2026-7312 affects Progress Sitefinity versions 14.0.7700 through 15.4.8630, allowing remote unauthenticated attackers to obtain plain-text credentials used to connect to Sitefinity Insight service. The vulnerability is classified as CWE-522: Insufficiently Protected Credentials in web services. Successful exploitation requires active integration with Sitefinity Insight and non-default site configuration. Multiple version ranges are affected across Sitefinity 14.x and 15.x releases. This credential exposure vulnerability poses significant security risks for affected installations.
Technical details
Mitigation steps:
Affected products:
Progress Sitefinity
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-7312
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.