CVE-2026-8079
Received - Intake

Authenticated User Privilege Escalation in Progress Flowmon

Vulnerability report for CVE-2026-8079, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Progress Software Corporation

Description

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.

Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor: flowmon
Product: in_progress_flowmon
Version / Range: to 12.5.9|end_excluding=13.0.11 (exc)

Exploitability

CWE ID: CWE-863
Description: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Executive Summary

This vulnerability exists in Progress Flowmon versions prior to 12.5.9 and 13.0.11. It allows an authenticated user with low privileges to craft a request during the PDF generation process that causes operations to be executed with the privileges of another user, which may lead to unauthorized access to sensitive data and unintended changes to system configuration.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive information and unintended modifications to system settings. Because operations may be performed with another user's privileges, an attacker could access data they should not see or alter system configuration, compromising system integrity and security.

Compliance Impact

This vulnerability allows an authenticated low-privileged user to perform operations with the privileges of another user during the PDF generation process, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.

Such unauthorized access and potential data exposure could impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive personal and health information.

Therefore, organizations using affected versions of Flowmon may face increased risk of non-compliance due to this vulnerability.
