PT-2026-29738 · Progress · Flowmon
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-3692
CVSS v4.0
8.7
High
| AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flowmon