Command Execution Vulnerability in Flowmon by Progress
CVE-2026-3692

8.7HIGH

Key Information:

Vendor: Progress Software
Status: Flowmon
Vendor: CVE Published:; 2 April 2026

🔔 Create Progress Software Vulnerability Alert

What is CVE-2026-3692?

A command injection vulnerability exists in Progress Flowmon versions prior to 12.5.8. This flaw allows an authenticated low-privileged user to manipulate requests during the report generation process, potentially leading to the execution of unintended commands on the server. Such a security loophole can expose the server to unauthorized operations and data risks. Users are advised to upgrade to the latest version to mitigate potential threats.

Affected Version(s)

Flowmon Flowmon 12 versions prior to 12.5.8

References

https://community.progress.com/s/article/CVE-2026-3692-Pr...

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 7, 2026

CVE-2026-3692 Data

JSON