A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API.
The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now.
Progress published its advisory on June
from The Hacker News https://ift.tt/gFR2wxL
via Cyber Security
The Hacker News
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attack…