CVE-2026-7198: CWE-284: Improper Access Control in web services in Progress Sitefinity

Q: What is the severity of CVE-2026-7198?

The severity of CVE-2026-7198 is rated as critical with a score of 9.8.

Q: How do I fix CVE-2026-7198?

To fix CVE-2026-7198, update Progress Sitefinity to version 15.4.8630 or later.

Q: What type of vulnerability is CVE-2026-7198?

CVE-2026-7198 is an improper access control vulnerability in web services.

Q: Who is affected by CVE-2026-7198?

CVE-2026-7198 affects installations of Progress Sitefinity versions 15.4.8623 and earlier.

Q: What impact does CVE-2026-7198 have?

CVE-2026-7198 can lead to full compromise of confidentiality, integrity, and availability of affected installations.

Published Jun 2, 2026

Updated

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.

Affected Software

2 affected components

Progress Sitefinity>=15.4.8623<15.4.8630

Event History

Jun 2, 2026

CVE Published

via MITRE·01:06 PM

Data Sourced

via MITRE·01:06 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·02:17 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-7198?

The severity of CVE-2026-7198 is rated as critical with a score of 9.8.

How do I fix CVE-2026-7198?

To fix CVE-2026-7198, update Progress Sitefinity to version 15.4.8630 or later.

What type of vulnerability is CVE-2026-7198?

CVE-2026-7198 is an improper access control vulnerability in web services.

Who is affected by CVE-2026-7198?

CVE-2026-7198 affects installations of Progress Sitefinity versions 15.4.8623 and earlier.

What impact does CVE-2026-7198 have?