Progress Stetifinity Security Advisory: Critical & High CVEs (Auth Bypass/Insufficient Protection) & Fixes

Vulnerability Overview Progress Stetifinity has confirmed the existence of multiple security vulnerabilities, including CVE-2026-7312, CVE-2026-7198, CVE-2026-7195, CVE-2026-7201, and CVE-2026-7313. These vulnerabilities have High and Critical CVSS ratings and affect multiple versions of Progress Stetifinity. Scope of Impact Products: Stetifinity OMS and Stetifinity Insight Versions: 8.x, 9.x, 10.x, 11.x, 12.x, 13.x, 14.x, 15.x Operating Systems: All supported operating systems Database: All supported Microsoft SQL Server versions Remediation Progress has released product updates, and it is strongly recommended that all Progress Stetifinity customers apply these updates as soon as possible. Below are the updated versions for each release: Vulnerability Details 1. CVE-2026-7312 - Description: Insufficient credential protection - CVSS Score: 10.0 (Critical) - Affected Versions: 14.0 to 15.4 2. CVE-2026-7198 - Description: Insufficient access control - CVSS Score: 9.8 (Critical) - Affected Versions: 15.4.8623 to 15.4.8629 3. CVE-2026-7195 - Description: Insufficient input validation - CVSS Score: 8.8 (High) - Affected Versions: 14.1 to 15.4 4. CVE-2026-7201 - Description: Authorization bypass via user-controlled keys - CVSS Score: 8.8 (High) - Affected Versions: 15.2 to 15.4 5. CVE-2026-7313 - Description: Insufficient credential protection - CVSS Score: 8.7 (High) - Affected Versions: 8.0 to 15.3 Additional Information Release Date: May 2026 Last Updated: June 2, 2026 Related Links: Stetifinity Lifecycle Policy Important Notes Please read this notice carefully to understand the brief description of the security vulnerabilities, potential impacts, important links, and additional information. If you have any questions, please contact Progress Technical Support. Disclaimer The information in this document may come from internal or external sources of Progress Software Corporation. Progress Software Corporation makes reasonable efforts to verify the information but does not guarantee its accuracy. Sample code is provided "as is," and Progress provides no express or implied warranties. Files No files uploaded. Keywords Stetifinity Cloud Stetifinity Product Updates and Related Stetifinity Errors and Issues Stetifinity Frontend and Backend Development Stetifinity Upgrades Stetifinity General Discussion Last Modified Date June 2, 2026, 1:06 PM Footer Copyright © 2026 Progress Software Corporation and its subsidiaries or affiliates. All rights reserved. Terms of Use Social Media Facebook Twitter LinkedIn YouTube Other Do Not Sell My Personal Information --- The above is a summary of the key information regarding the vulnerability from the webpage screenshot.

Goal Reached Thanks to every supporter — we hit 100%!

Progress Stetifinity Security Advisory: Critical & High CVEs (Auth Bypass/Insufficient Protection) & Fixes