Unintended Action Vulnerability in Progress Flowmon Administrators
CVE-2026-2737

8.5HIGH

Key Information:

Vendor: Progress Software
Status: Flowmon
Vendor: CVE Published:; 2 April 2026

🔔 Create Progress Software Vulnerability Alert

What is CVE-2026-2737?

A security vulnerability affects Progress Flowmon versions prior to 12.5.8 and 13.0.6. An authenticated administrator could be misled into clicking a malicious link sent by an attacker. This action may result in unintended consequences for the active web session, potentially compromising the integrity and security of the system.

Affected Version(s)

Flowmon Flowmon 12 versions prior to 12.5.8

Flowmon Flowmon 13 versions prior to 13.0.6

References

https://community.progress.com/s/article/CVE-2026-2737-Pr...

vendor-advisory

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Feb 19, 2026

CVE-2026-2737 Data

JSON