CVE-2026-3692 Progress — Exploit & Vulnerability Details HIGH

CVE-2026-3692

HIGH CVSS 4.0: 8.7 EPSS 0.17%

Parameter	Value
CVSS	8.7 (HIGH)
Affected Versions	before 12.5.8
Fixed In	12.5.8
Type	CWE-78 (OS Command Injection)
Vendor	Progress
Public PoC	No

In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-78 OS Command Injection

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Progress Flowmon cpe:2.3:a:progress:flowmon::::::::	—	`12.5.8`

References 1

https://community.progress.com/s/article/CVE-2026-3692-Progress-Flowmon

security@progress.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2878

Progress

5.9

CVE-2025-11235

Progress

7.5

CVE-2025-10703

Progress

8.6

CVE-2025-10702

Progress

8.6

CVE-2024-6097

Progress

5.3

Menu

CVE-2026-3692

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-2878

CVE-2025-11235

CVE-2025-10703

CVE-2025-10702

CVE-2024-6097

CVE Details

Editor's Choice

Menu

CVE-2026-3692

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-2878

CVE-2025-11235

CVE-2025-10703

CVE-2025-10702

CVE-2024-6097

CVE Details

Editor's Choice

Stay informed on cybersecurity