Description
In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.
Published: 2026-07-02
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Progress Software
Progress Software flowmon
Vendors & Products Progress Software
Progress Software flowmon

Thu, 02 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 15:15:00 +0000

Type Values Removed Values Added
Description In Progress Flowmon versions prior to 12.5.9 and 13.0.10, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration. In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.

Thu, 02 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Description In Progress Flowmon versions prior to 12.5.9 and 13.0.10, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.
Title Unintended limited set of actions with elevated privileges may be performed during PDF generation in Progress Flowmon
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Progress Software Flowmon
cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2026-07-02T14:37:24.697Z

Reserved: 2026-05-07T11:23:34.754Z

Link: CVE-2026-8079

cve-icon Vulnrichment

Updated: 2026-07-02T14:37:19.217Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T15:30:05Z

Weaknesses