PT-2026-45904
Published 2026-06-03 · Updated 2026-06-03
CVE-2026-53209
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Patch Priority: Sitefinity Credential Exposure with likely internet exposure (CVSS 9.8-10.0)
Affected: Progress Sitefinity; OpenMed; Spacelabs Sentinel; Masteriyo LMS PRO; Kirki
Internet-facing risk dominates this set: Sitefinity leaks service credentials to unauthenticated callers, and the remaining entries are pre-auth remote code execution, privilege escalation and account-takeover flaws across CMS, WordPress plugin and medical-device ecosystems; fixes and mitigations are listed below.
CVE-2026-7312 (CVSS 10.0) An unauthenticated attacker can obtain plain-text credentials used to connect to Sitefinity Insight via the web service in affected Sitefinity versions 14.0.7700-14.4.8152, 15.0.8200-15.0.8234, 15.1.8300-15.1.8335, 15.2.8400-15.2.8441, 15.3.8500-15.3.8531, and 15.4.8600-15.4.8630.
CVE-2026-47117 (CVSS 9.8) OpenMed before 1.5.2 contains a remote code execution vulnerability in the privacy-filter model loading path: an unauthenticated attacker can supply a malicious model repository via config.json or the tokenizer config.json, which is loaded and executed with the privileges of the service process.
CVE-2026-0611 (CVSS 9.8) Spacelabs Sentinel versions 10.5.x and 11.x.x before 11.6.0 allow unauthenticated remote code execution via a deprecated .NET Remoting HTTP channel exposed on port 8989; if that port is reachable on the network, an attacker can read and write arbitrary files.
CVE-2026-53209 (CVSS 9.8) Masteriyo LMS PRO has an Incorrect Privilege Assignment vulnerability that enables privilege escalation; affects Masteriyo LMS PRO up to version 2.20.0.
CVE-2026-8206 (CVSS 9.8) Kirki - Freeform Page Builder accepts an arbitrary email address in a password reset request, enabling account takeover; affects Kirki versions 6.0.0-6.0.6.
🛠️ Action
• Patch or upgrade to the fixed versions called out above, or to the latest version named in the vendor advisory.
• Prioritize internet-facing instances and edge appliances first.
• If no fix yet, apply mitigations and reduce exposure (disable feature/module, restrict access).
• Add detections for exploitation patterns (process spawning, webshell/file-write paths, auth anomalies).
• Hunt for indicators around the affected services during the disclosure-to-now window (logs, EDR, WAF).
• Validate remediation (version checks, config verification) and monitor for reversion.
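A remediation check for the versions called out above, as an added example that is not code from any vendor named in this digest: it encodes the affected ranges stated here, parses dotted version strings so that builds such as 15.2.8441 compare correctly, and orders findings so internet-facing hosts come first, matching the prioritisation in the action list. The product keys, hostnames and inventory records are constructed sample input.

```python
"""Version-range triage for the products in this digest (added example)."""
from __future__ import annotations

import re
from typing import Callable, Iterable


def parse_version(v: str) -> tuple[int, ...]:
    """Turn a dotted version string into a comparable tuple of ints.

    Only numeric components are kept ('11.6.0-rc1' -> (11, 6, 0, 0)); the
    tuple is padded with zeros to four components so '11.6' equals '11.6.0'.
    """
    nums = [int(p) for p in re.findall(r"\d+", v)]
    if not nums:
        raise ValueError(f"no numeric components in version {v!r}")
    nums += [0] * (4 - len(nums))
    return tuple(nums)


def in_range(v: str, lo: str, hi: str) -> bool:
    """Inclusive range test on parsed versions."""
    return parse_version(lo) <= parse_version(v) <= parse_version(hi)


# Affected ranges exactly as stated in the digest (bounds inclusive).
SITEFINITY_AFFECTED = [
    ("14.0.7700", "14.4.8152"),
    ("15.0.8200", "15.0.8234"),
    ("15.1.8300", "15.1.8335"),
    ("15.2.8400", "15.2.8441"),
    ("15.3.8500", "15.3.8531"),
    ("15.4.8600", "15.4.8630"),
]


def sitefinity_affected(v: str) -> bool:
    """CVE-2026-7312: any of the listed Sitefinity build ranges."""
    return any(in_range(v, lo, hi) for lo, hi in SITEFINITY_AFFECTED)


def openmed_affected(v: str) -> bool:
    """CVE-2026-47117: OpenMed before 1.5.2."""
    return parse_version(v) < parse_version("1.5.2")


def sentinel_affected(v: str) -> bool:
    """CVE-2026-0611: Spacelabs Sentinel 10.5.x, and 11.x.x before 11.6.0."""
    pv = parse_version(v)
    return pv[:2] == (10, 5) or (pv[0] == 11 and pv < parse_version("11.6.0"))


def masteriyo_pro_affected(v: str) -> bool:
    """CVE-2026-53209: Masteriyo LMS PRO up to and including 2.20.0."""
    return parse_version(v) <= parse_version("2.20.0")


def kirki_affected(v: str) -> bool:
    """CVE-2026-8206: Kirki 6.0.0 through 6.0.6."""
    return in_range(v, "6.0.0", "6.0.6")


# Product keys are our own inventory labels (assumed), not vendor identifiers.
CHECKS: dict[str, tuple[str, Callable[[str], bool]]] = {
    "sitefinity":    ("CVE-2026-7312",  sitefinity_affected),
    "openmed":       ("CVE-2026-47117", openmed_affected),
    "sentinel":      ("CVE-2026-0611",  sentinel_affected),
    "masteriyo_pro": ("CVE-2026-53209", masteriyo_pro_affected),
    "kirki":         ("CVE-2026-8206",  kirki_affected),
}


def triage(inventory: Iterable[dict]) -> list[dict]:
    """Return the affected inventory records tagged with their CVE,
    internet-facing hosts first and then by hostname.
    An unknown product key raises rather than silently passing as clean."""
    findings = []
    for rec in inventory:
        try:
            cve, check = CHECKS[rec["product"]]
        except KeyError:
            raise ValueError(f"no check for product {rec['product']!r}") from None
        if check(rec["version"]):
            findings.append({**rec, "cve": cve})
    return sorted(findings, key=lambda f: (not f["internet_facing"], f["host"]))


# Constructed sample inventory; hostnames and versions are made up.
INVENTORY = [
    {"host": "cms-edge-01", "product": "sitefinity", "version": "15.2.8441", "internet_facing": True},
    {"host": "cms-int-02", "product": "sitefinity", "version": "15.2.8450", "internet_facing": False},
    {"host": "icu-gw-01", "product": "sentinel", "version": "11.5.2", "internet_facing": False},
    {"host": "lms-web-01", "product": "masteriyo_pro", "version": "2.20.0", "internet_facing": True},
    {"host": "wp-blog-03", "product": "kirki", "version": "6.0.7", "internet_facing": True},
    {"host": "ml-api-01", "product": "openmed", "version": "1.4.9", "internet_facing": True},
]

if __name__ == "__main__":
    for f in triage(INVENTORY):
        exposure = "INTERNET" if f["internet_facing"] else "internal"
        print(f"{exposure:8} {f['host']:12} {f['product']:14} {f['version']:10} {f['cve']}")
```

The range checks are inclusive on both ends because the digest gives inclusive bounds; a host one build past a listed upper bound (cms-int-02 above) is reported clean only because it lies outside the stated range, so confirm against the vendor advisory that the first unaffected build really is the fix before closing the finding.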