Medium severity6.1NVD Advisory· Published Apr 2, 2026· Updated Apr 21, 2026

CVE-2026-2737

Description

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.

Affected products

Progress (organisation)/Flowmon
cpe:2.3:a:progress:flowmon:*:*:*:*:*:*:*:*
Range: >=12.0.0,<12.5.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.progress.com/s/article/CVE-2026-2737-Progress-FlowmonnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000