CVE-2026-8079
HIGHProgress Flowmon < 12.5.9/13.0.11 - Authenticated Unauthorized Actions via PDF Generation
Title source: manualDescription
In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://community.progress.com/s/article/Flowmon-CVE-2026-8079
Scores
CVSS v4
8.7
EPSS
0.0021
EPSS Percentile
10.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (2)
Progress Software/Flowmon
Flowmon 12 versions prior to 12.5.9
Progress Software/Flowmon
Flowmon 13 versions prior to 13.0.11
Published
Jul 02, 2026
Tracked Since
Jul 02, 2026