CVE-2026-9272

Summary

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareFlowmon ADSFlowmon ADS 12 versions prior to 12.5.6affected
Progress SoftwareFlowmon ADSFlowmon ADS 13 versions prior to 13.0.5affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References