CVE-2026-2737 Progress — Exploit & Vulnerability Details HIGH

CVE-2026-2737

HIGH CVSS 4.0: 8.5 EPSS 0.00%

Parameter	Value
CVSS	8.5 (HIGH)
Affected Versions	before 12.5.8
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Progress
Public PoC	No

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

Active

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 1

https://community.progress.com/s/article/CVE-2026-2737-Progress-Flowmon

security@progress.com

Share Post Share Share Share

Menu

CVE-2026-2737

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-2737

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity