vulnerability context

CVE-2026-8037

CVSS 9.6 CRITICALEPSS 77%CWE-77OTX 6 pulses

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

Published 2026-06-04 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 9.6 / CRITICAL
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 77% percentile (score 0.0187)
CWE: CWE-77
OTX pulses: 6 total, 0 recent

View on NVD → · cve.org

source mentions 2

Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labsr/cybersecurity · 7h ago
[CVE Alerts ] CVE-2026-8037 - OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Mana...Bluesky · 25d ago

source consensus

r/cybersecurity1×
Bluesky1×

Want the 3-bullet summary of CVE-2026-8037, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →