CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8…

CVE-2026-7312 is a CWE-522 vulnerability affecting Progress Sitefinity versions 14.0.7700 through 15.4.8630. The vulnerability allows remote unauthenticated attackers to obtain plain-text credentials used to connect to Sitefinity Insight service. Exploitation requires active integration with Sitefinity Insight and non-default site configuration. The vulnerability affects multiple version ranges across Sitefinity 14.x and 15.x branches. This represents a significant security risk as it exposes credentials without requiring authentication.