Vulnerability Management

Progress Kemp LoadMaster vulnerability actively exploited

According to The Hacker News, eSentire reports that a critical security flaw affecting Progress Kemp LoadMaster devices is currently being targeted by exploitation attempts. The vulnerability, identified as CVE-2026-8037, allows for arbitrary code execution on affected appliances.

The operating system command injection flaw, with a CVSS score of 9.6, enables unauthenticated attackers to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input. Progress detailed the vulnerability, noting it stems from improper handling of user-supplied input within a function named "escape_quotes()", which fails to properly null-terminate sanitized strings. This can lead to an out-of-bounds read into adjacent heap memory, allowing attackers to issue specially crafted requests to the "/accessv2" endpoint to achieve command injection.

While initial exploitation attempts observed by eSentire's Threat Response Unit ended in failure, the availability of a proof-of-concept exploit is expected to increase malicious activity. This marks the second critical Progress Kemp LoadMaster vulnerability to see active exploitation this year, following CVE-2024-1212.

Source: The Hacker News

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds