CVE-2026-7312
Published:June 02, 2026
Updated:June 05, 2026
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight and non-default site configuration.
Affected Packages
telerik.sitefinity.core (NUGET):
Affected version(s) >=15.0.8200 <15.0.8234Fix Suggestion:
Update to version 15.0.8234telerik.sitefinity.core (NUGET):
Affected version(s) >=15.4.8600 <15.4.8630Fix Suggestion:
Update to version 15.4.8630telerik.sitefinity.core (NUGET):
Affected version(s) >=14.0.7700 <14.4.8152Fix Suggestion:
Update to version 14.4.8152telerik.sitefinity.core (NUGET):
Affected version(s) >=15.1.8300 <15.1.8335Fix Suggestion:
Update to version 15.1.8335telerik.sitefinity.core (NUGET):
Affected version(s) >=15.3.8500 <15.3.8531Fix Suggestion:
Update to version 15.3.8531telerik.sitefinity.core (NUGET):
Affected version(s) >=15.2.8400 <15.2.8441Fix Suggestion:
Update to version 15.2.8441Related Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
NONE
CVSS v3
Base Score:
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Insufficiently Protected Credentials
EPSS
Base Score:
0.03