CVE-2026-7201

Summary

CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account compromise. Successful exploitation requires knowledge of values that are not generally exposed to low-privileged users.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareSitefinity15.2.8400 < 15.2.8441affected
Progress SoftwareSitefinity15.3.8500 < 15.3.8531affected
Progress SoftwareSitefinity15.4.8600 < 15.4.8630affected

Weaknesses

  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References