CVE-2026-8079

HIGH

Progress Flowmon < 12.5.9/13.0.11 - Authenticated Unauthorized Actions via PDF Generation

Title source: manual
STIX 2.1

Description

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.

References (1)

Core 1
Core References

Scores

CVSS v4 8.7
EPSS 0.0021
EPSS Percentile 10.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-863
Status published
Products (2)
Progress Software/Flowmon Flowmon 12 versions prior to 12.5.9
Progress Software/Flowmon Flowmon 13 versions prior to 13.0.11
Published Jul 02, 2026
Tracked Since Jul 02, 2026