HackerFeeds

CyberSecurity News

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

The Hacker News
· June 30, 2026
Vulnerabilities

AI summary

A critical vulnerability in Progress Kemp LoadMaster allows an unauthenticated attacker to execute arbitrary commands as root by sending a crafted request to the appliance's API. The flaw has a CVSS score of 9.8 and can be exploited by sending a specially crafted request. A patch for the issue is available, and users who have the API enabled are advised to update. The vulnerability is tracked as CVE-2026-8037. Progress published an advisory for the issue in June. Users running LoadMaster with the API enabled should apply the patch to prevent potential exploitation.

Vulnerabilities mentioned

CVE-2026-8037
CRITICAL
CVSS 9.6

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

Read the full article at The Hacker Newsthehackernews.com/2026/06/progress-kemp-loadmaster-flaw-could-let.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.