According to The Hacker News, eSentire reports that a critical security flaw affecting Progress Kemp LoadMaster devices is currently the target of exploitation attempts. The vulnerability, tracked as CVE-2026-8037, allows arbitrary code execution on affected appliances.

The flaw is an operating system command injection with a CVSS score of 9.6. It lets unauthenticated attackers execute arbitrary commands on a LoadMaster appliance by supplying input that is not sanitized correctly. Per Progress, the root cause is improper handling of user-supplied input in a function named "escape_quotes()", which fails to null-terminate the strings it sanitizes. Code that later treats the sanitized buffer as a C string can therefore read past its end into adjacent heap memory, and attackers can exploit this with specially crafted requests to the "/accessv2" endpoint to achieve command injection.

Initial exploitation attempts observed by eSentire's Threat Response Unit failed, but with a proof-of-concept exploit publicly available, malicious activity is expected to increase. This is the second critical Progress Kemp LoadMaster vulnerability to see active exploitation this year, after CVE-2024-1212.

Source: The Hacker News
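The bug class described above (an escaping routine that forgets the terminating NUL, so the "sanitized" string silently continues into neighbouring heap bytes) is easy to reproduce in miniature. The following is an added illustration written for this page; it is not Progress's LoadMaster code and not a reconstruction of it. The function names, buffer sizes, the stale neighbouring bytes and the `logger` command template are all constructed assumptions for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not Progress's LoadMaster source: a quote-escaping
 * routine that omits the terminating NUL, the memory layout that turns the
 * omission into a command injection, and the corrected routine.
 */

/* Backslash-escape single quotes from `in` into `out` (capacity `cap`).
 * Returns the number of bytes written, or (size_t)-1 if the output does
 * not fit. BUG: the result is never NUL-terminated, so any caller that
 * treats `out` as a C string keeps reading into whatever follows it. */
size_t escape_quotes_buggy(const char *in, char *out, size_t cap)
{
    size_t j = 0;
    for (const char *p = in; *p != '\0'; p++) {
        size_t need = (*p == '\'') ? 2 : 1;
        if (j + need > cap)
            return (size_t)-1;
        if (*p == '\'')
            out[j++] = '\\';
        out[j++] = *p;
    }
    return j;                       /* missing: out[j] = '\0'; */
}

/* Corrected: reserve one byte for the terminator and always write it. */
size_t escape_quotes_fixed(const char *in, char *out, size_t cap)
{
    size_t j = 0;
    for (const char *p = in; *p != '\0'; p++) {
        size_t need = (*p == '\'') ? 2 : 1;
        if (j + need + 1 > cap)     /* +1 keeps room for the NUL */
            return (size_t)-1;
        if (*p == '\'')
            out[j++] = '\\';
        out[j++] = *p;
    }
    out[j] = '\0';
    return j;
}

/* Constructed heap-like region: `cap` bytes of escape buffer followed
 * immediately by stale, attacker-influenced bytes from an earlier request. */
#define REGION_SIZE 64
static const char STALE_NEIGHBOUR[] = "'; id #";   /* constructed sample */
static char region[REGION_SIZE];

typedef size_t (*escape_fn)(const char *, char *, size_t);

/* Run `esc` on `user` with an escape buffer of `cap` bytes and return what
 * a caller that treats the buffer as a C string would actually consume.
 * Returns NULL if the escape routine reports that the input does not fit. */
const char *sanitized_view(escape_fn esc, const char *user, size_t cap)
{
    if (cap + sizeof STALE_NEIGHBOUR >= REGION_SIZE)
        return NULL;
    memset(region, 'A', REGION_SIZE);           /* old contents, no NULs */
    region[REGION_SIZE - 1] = '\0';
    /* the stale bytes (with their own NUL) sit right after the buffer */
    memcpy(region + cap, STALE_NEIGHBOUR, sizeof STALE_NEIGHBOUR);
    if (esc(user, region, cap) == (size_t)-1)
        return NULL;
    return region;
}

/* Typical downstream use: wrap the "sanitized" value in single quotes and
 * build a shell command from it. Returns the command that would run. */
const char *build_command(const char *sanitized)
{
    static char cmd[128];
    int n = snprintf(cmd, sizeof cmd, "logger '%s'", sanitized);
    return (n < 0 || (size_t)n >= sizeof cmd) ? NULL : cmd;
}

int main(void)
{
    const char *bad = sanitized_view(escape_quotes_buggy, "admin", 5);
    printf("buggy : %s\n", build_command(bad));     /* logger 'admin'; id #' */
    const char *ok = sanitized_view(escape_quotes_fixed, "admin", 6);
    printf("fixed : %s\n", build_command(ok));      /* logger 'admin' */
    printf("fixed with no room for the NUL: %s\n",
           sanitized_view(escape_quotes_fixed, "admin", 5) ? "accepted" : "rejected");
    return 0;
}
```

The buggy routine never emits a byte it was not asked to, so a test that only inspects the bytes it wrote passes; the injection appears only when the caller reads the buffer as a C string and picks up the unescaped quote from the neighbouring memory. The fix is two-fold: count the terminator against the capacity, and refuse inputs that leave no room for it rather than returning a buffer the caller cannot safely use.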