CVE-2026-2737
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A vulnerability in Progress Flowmon versions prior to 12.5.8 and 13.0.6 allows an attacker to trick an administrator into clicking a malicious link, potentially triggering unintended actions within their authenticated web session.
Risk Assessment
The risk is that an attacker can exploit administrator trust to perform unauthorized operations in the Flowmon system, potentially leading to configuration compromise or access to sensitive data.
Recommendation
It is recommended to immediately update Progress Flowmon to version 12.5.8 or 13.0.6, and to train administrators to recognize suspicious links.
Original NVD description (English source)
A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.

