PT-2026-45761 · Progress · Sitefinity
Published: 2026-06-02 · Updated: 2026-06-02 · CVE-2026-7201
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Progress Sitefinity versions 15.2.x through 15.2.8440
Progress Sitefinity versions 15.3.x through 15.3.8530
Progress Sitefinity versions 15.4.x through 15.4.8629
Description
An authorization bypass exists in web services where a user-controlled key can be manipulated. This allows a remote authenticated attacker to modify account properties of other users, which could potentially lead to account compromise. Successful exploitation requires knowledge of specific values that are typically not exposed to low-privileged users.
Recommendations
Update versions 15.2.x to 15.2.8441.
Update versions 15.3.x to 15.3.8531.
Update versions 15.4.x to 15.4.8630.
Fix
IDOR
Affected Products
Sitefinity