CVE-2026-3692
HIGH WAF: High
CVSS 8.8
Published: 2026-04-02
CWE-78
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| progress | flowmon | up to 12.5.8 |
References
- community.progress.com (Vendor Advisory)