Flowmon ADS: Unauthorized Code Execution via Malicious Network Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.6

Flowmon ADS: Unauthorized Code Execution via Malicious Network Data

CVE-2026-2514

Summary

Old versions of Flowmon ADS allow an attacker with access to monitoring ports to create fake network data that, when viewed by a user, could run malicious code in the user's browser. This could lead to unintended actions or unauthorized access. Update to version 12.5.5 or 13.0.3 to fix this issue.

Original title

Original description

In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended actions being executed in the user's browser context.

nvd CVSS4.0 8.6

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://community.progress.com/s/article/CVE-2026-2514-Progress-Flowmon-ADS

Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026