CVE-2026-7313 | THREATINT

Description

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, non-default site configuration and valid back-end authorization.

PUBLISHED Reserved 2026-04-28 | Published 2026-06-02 | Updated 2026-06-03 | Assigner ProgressSoftware

HIGH: 8.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE‑522: Insufficiently Protected Credentials

Product status

Default status

unaffected

8.0.5700 (custom) before 13.3.7652

affected

References

community.progress.com/...E-2026-7201-CVE-2026-7313-May-2026 vendor-advisory

cve.org (CVE-2026-7313)

nvd.nist.gov (CVE-2026-7313)

Download JSON