CVE-2026-8079

Summary

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareFlowmonFlowmon 12 versions prior to 12.5.9affected
Progress SoftwareFlowmonFlowmon 13 versions prior to 13.0.11affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References