Progress LoadMaster API command injection

Added: 07/02/2026
CVE: CVE-2026-8037

Background

LoadMaster is delivery and security application with cloud-native, virtual and hardware load balancers.

Problem

A command injection vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted API request.

Resolution

Upgrade to LoadMaster GA 7.2.63.2 or higher or LoadMaster LTSF 7.2.54.18 or higher.

References

https://community.progress.com/s/article/LoadMaster-Critical-Security-Bulletin-June-2026-CVE-2026-8037-CVE-2026-33691
https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/

Back to exploit index