CVE-2026-9272
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability allows an authenticated attacker with low privileges to send specially crafted requests, potentially leading to unauthorized access to application data and its modification.
Risk Assessment
The risk involves unauthorized reading and modification of sensitive data by a low-privileged user, which could compromise the confidentiality and integrity of information within the organization.
Recommendation
It is recommended to immediately upgrade Progress Flowmon ADS to version 12.5.6 or 13.0.5, which address this vulnerability.
Original NVD description (English source)
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification.

