CVE-2026-7313

CVSS v3.1

8.7

High

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 8.0.5700 through 13.3.7652

Description Insufficiently protected credentials in web services allow a remote authenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, a non-default site configuration, and valid back-end authorization.

Recommendations Update Progress Sitefinity to a version later than 13.3.7652.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-7313

Affected Products

Sitefinity

CVE-2026-7313

Related Identifiers

Affected Products

References · 3