Progress LoadMaster API command injection
Added: 07/02/2026CVE: CVE-2026-8037
Background
LoadMaster is delivery and security application with cloud-native, virtual and hardware load balancers.Problem
A command injection vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted API request.Resolution
Upgrade to LoadMaster GA 7.2.63.2 or higher or LoadMaster LTSF 7.2.54.18 or higher.References
https://community.progress.com/s/article/LoadMaster-Critical-Security-Bulletin-June-2026-CVE-2026-8037-CVE-2026-33691https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/
Back to exploit index
