CVE Catalog

CVE-2026-2737

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

9th percentile - higher than 9% of all known CVEs

Summary

A vulnerability in Progress Flowmon versions prior to 12.5.8 and 13.0.6 allows an attacker to trick an administrator into clicking a malicious link, potentially triggering unintended actions within their authenticated web session.

Risk Assessment

The risk is that an attacker can exploit administrator trust to perform unauthorized operations in the Flowmon system, potentially leading to configuration compromise or access to sensitive data.

Recommendation

It is recommended to immediately update Progress Flowmon to version 12.5.8 or 13.0.6, and to train administrators to recognize suspicious links.

Original NVD description (English source)

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS