CVE-2026-7313— CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

CVSS 8.7 · High Updated Jun 02, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

Vendor	Product	Version Range	Status
Progress Software	Sitefinity	`8.0.5700< 13.3.7652`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

Source: NVD (National Vulnerability Database)

Vulnerability Description

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, non-default site configuration and valid back-end authorization.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Progress Software	Sitefinity	8.0.5700 ~ 13.3.7652	-

II. Public POCs for CVE-2026-7313

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-7313

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-7313 (1)

🔗 Sitefinity Security Advisory for Addressing Security Vulnerabilities CVE-2026-7312, CVE-2026-7198, CVE-2026-7195, CVE-2026-7201, CVE-2026-7313, May 2026 - Progress Community Read full article vendor-advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-7313

Same Patch Batch · Progress Software · 2026-06-02 · 5 CVEs total

CVE-2026-7312	10.0 CRITICAL	CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
CVE-2026-7198	9.8 CRITICAL	CWE-284: Improper Access Control in web services in Progress Sitefinity
CVE-2026-7195	8.8 HIGH	CWE-20: Improper Input Validation in web services in Progress Sitefinity
CVE-2026-7201	8.8 HIGH	CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Site

IV. Related Vulnerabilities

Same product: Sitefinity

Same vendor: Progress Software

V. Comments for CVE-2026-7313

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-7313— CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-7313

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-7313

III. Intelligence Information for CVE-2026-7313

Vendor Advisories for CVE-2026-7313 (1)

Same Patch Batch · Progress Software · 2026-06-02 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-7313

Leave a comment