CVE Catalog

CVE-2026-9272

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability allows an authenticated attacker with low privileges to send specially crafted requests, potentially leading to unauthorized access to application data and its modification.

Risk Assessment

The risk involves unauthorized reading and modification of sensitive data by a low-privileged user, which could compromise the confidentiality and integrity of information within the organization.

Recommendation

It is recommended to immediately upgrade Progress Flowmon ADS to version 12.5.6 or 13.0.5, which address this vulnerability.

Original NVD description (English source)

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS