PULSE
LIVE15signals / 24h
FEED
ransomqilin reclama a PP+K · BR · Not Foundransomqilin reclama a Eana · AR · Not Foundransomqilin reclama a Synergy Products · TR · Not Foundransomnova reclama a meralmanisa · TR · Not Foundransomnova reclama a Dephub · ID · Not Foundransomnova reclama a Jota Joias Premium · BR · Consumer Servicesransomqilin reclama a Don Tortaco Mexican Grill · US · Hospitality and Tourismransomqilin reclama a Associated Theatrical Contractors · US · Business Servicesransompayload reclama a CKR Consulting Engineers · Business Servicesransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a PP+K · BR · Not Foundransomqilin reclama a Eana · AR · Not Foundransomqilin reclama a Synergy Products · TR · Not Foundransomnova reclama a meralmanisa · TR · Not Foundransomnova reclama a Dephub · ID · Not Foundransomnova reclama a Jota Joias Premium · BR · Consumer Servicesransomqilin reclama a Don Tortaco Mexican Grill · US · Hospitality and Tourismransomqilin reclama a Associated Theatrical Contractors · US · Business Servicesransompayload reclama a CKR Consulting Engineers · Business Servicesransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcare
← All CVEs
CVE WatchJul 6, 2026

CVE-2026-3692

In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during

CVSS

8.8

High

EPSS

0.4%

p34

KEV

Exploit Today

10

0-100

Published: Apr 2, 2026 · Last modified: Jul 6, 2026 · CWE-78

EPSS · 30d
0.4%EPSS · 30 days0.4%
2026-06-302026-07-19
Technical description

In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG
99.9%
KEV80Apache ActiveMQ Improper Input Validation Vulnerability5d
CVE-2024-121210.0 CRI
99.9%
KEV80Progress Kemp LoadMaster OS Command Injection Vulnerability6d
CVE-2026-398089.8 CRI
99.7%
KEV80Fortinet FortiSandbox OS Command Injection Vulnerability3d
CVE-2022-262589.8 CRI
99.6%
KEV80D-Link DIR-820L Remote Code Execution Vulnerability10d
CVE-2026-422718.8 HIG
99.6%
KEV80BerriAI LiteLLM Command Injection Vulnerability5d
CVE-2021-252988.8 HIG
99.5%
KEV80Nagios XI OS Command Injection10d