Auth bypass in Progress Software Flowmon
CVE-2026-8079
In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privile…
Vulnerability class: Broken Access Control
Affected products
- Progress Software Flowmon — versions Flowmon 12 versions prior to 12.5.9, Flowmon 13 versions prior to 13.0.11, Flowmon 13 versions prior to 13.0.10
Weakness classification (CWE)
References
- security@progress.com (vendor-advisory)