Security patch installer for security vulnerabilities

The security patch installer fixes several vulnerabilities in AccurioPro Flux.

Download

27.01.2026: The patch has been updated to include fixes for vulnerabilities in MongoDB and Node.js HTTP/2 (CVE-2025-14847, CVE-2025-59465)

The following vulnerabilities are addressed by the installer. Please note that it contains no other updates and no changes are made to the installed version of AccurioPro Flux. The installer can be used without a valid Software Maintenance Plan (SMP) and can be run again when patches for new vulnerabilities are added.

  • FLX-8429 (January 2026)
    A potential unauthorized memory read in MongoDB (Mongobleed, CVE-2025-14847)

    Affected editions: AccurioPro Flux Essential, Premium, Ultimate
    Affected versions: 7.0 until 10.2.2.78547
    Affected components: Flux Server

    MongoDB is used as the main database for Flux Server. The MongoDB instances used by Flux Server are not reachable over the network. An attacker would require access to the machine Flux Server is running on, therefore the risk posed by this vulnerability is low in the context of AccurioPro Flux.

    To the best of our knowledge, this vulnerability has not been exploited in connection with AccurioPro Flux.

    Note that this update only applies to Flux versions 10.0.0 through 10.2.2. To fix the vulnerabilities in environments running older versions of AccurioPro Flux, please update to the latest version. An active Software Maintenance Plan (SMP) is required.
     
  • FLX-8525 (January 2026)
    A potential denial-of-service vulnerability in Node.js HTTP/2 (CVE-2025-59465)

    Affected editions: AccurioPro Flux Ultimate
    Affected versions: 9.0 until 10.2.2.78547
    Affected components: Flux Web

    This vulnerability can potentially lead to a denial-of-service in the Flux Web online shop.

    To the best of our knowledge, this vulnerability has not been exploited.

    Note that this update only applies to Flux version 10.2.2. To fix the vulnerabilities in environments running older versions of AccurioPro Flux, please update to the latest version. An active Software Maintenance Plan (SMP) is required.
     
  • FLX-8261 (November 2025)
    A potential remote code execution vulnerability in 7-Zip (CVE-2025-11001)

    Affected editions: AccurioPro Flux Essential, Premium, Ultimate
    Affected versions: 8.0 until 10.2.2.78546
    Affected components: Flux Server

    7-Zip is used in the Backup and restore feature of AccurioPro Flux. The vulnerability in 7-Zip is known to be actively exploited, although we are not aware of any instance of AccurioPro Flux being targeted. We strongly recommend that users install this security patch or update to the latest version.
     
  • FLX-8118 (November 2025)
    A potential remote code execution vulnerability in ImageMagick (CVE-2025-57807)

    Affected editions: AccurioPro Flux Essential, Premium, Ultimate
    Affected versions: 8.0 until 10.2.2.78536
    Affected components: Flux Server, Flux Web, Flux Workstation

    To the best of our knowledge, this vulnerability has not been actively exploited.
     
  • FLX-7425 (May 2025)
    A remote code execution vulnerability in a third-party component used by AccurioPro Flux which can allow attackers to execute malicious code on the system running AccurioPro Flux.

    Affected editions: AccurioPro Flux Essential, Premium, Ultimate
    Affected versions: 8.4.0 until 10.2.0.77842
    Affected components: Flux Server & Flux Web

    This issue was discovered through internal penetration testing and, to the best of our knowledge, is not being actively exploited or known publicly.
     
  • FLX-7411 (May 2025)
    A denial-of-service vulnerability in AccurioPro Flux Web that can be used to cause a service outage by causing the Flux Web server to crash.

    Affected editions: AccurioPro Flux Ultimate
    Affected versions: 10.0.0 until 10.2.0.77842
    Affected components: Flux Web

    This issue was discovered internally and, to the best of our knowledge, is not being actively exploited or known publicly.
     
  • FLX-6554 (September 2024)
    The patch also includes the fix for the 'ImageTragick' vulnerability that was previously released as a separate patch installer in September 2024. This vulnerability could allow the unauthorized execution of external code.

    Affected editions: AccurioPro Flux Essential, Premium, Ultimate
    Affected versions: 8.0 until 10.0.2
    Affected components: Flux Server, Flux Web, Flux Workstation

    To the best of our knowledge, this vulnerability has not been actively exploited.

We recommend updating all affected installations immediately to patch these critical vulnerabilities.

To install the patch, simply unzip the ZIP file, run the provided EXE file and follow the on-screen instructions. Please refer to the included ReadMe for further information.

Important notes

  • The patch installer can be used with AccurioPro Flux versions 8.0 through 10.2.2.78547. It will automatically fix the vulnerabilities contained in the respective version, unless stated otherwise.
  • Install the patch on all machines that run affected AccurioPro Flux components, for example Flux Server, Flux Web or Flux Workstation. 
  • If Flux Workstation is installed at a later date via the installer on the Flux Server download page, the patch installer must be run again afterwards.
  • The patch installer can also be used with customized installations. 
  • The patch installer can be used without a valid software maintenance plan (SMP).