CVE Catalog

CVE-2026-8079

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, an authenticated low-privileged user may craft a request during PDF generation, resulting in operations performed with another user's privileges. This could lead to unauthorized access to sensitive data and unintended system configuration changes.

Risk Assessment

The organization is at risk of sensitive data leakage and unauthorized configuration modifications, potentially compromising system integrity and control over the network monitoring environment.

Recommendation

Immediately upgrade Progress Flowmon to version 12.5.9 or 13.0.11, which contain the fix for this vulnerability.

Original NVD description (English source)

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS