RCE in Progress Software Flowmon

CVE-2026-3692

In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (13.4th percentile) — read the EPSS interpretation.