Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
ID: 049a2866-1dd4-53af-badb-7dbd118c234b
STIX ID: report--049a2866-1dd4-53af-badb-7dbd118c234b
Feed Name: The Hacker News
Threat Score
A critical unauthenticated command-injection vulnerability (CVE-2026-8037, CVSS 9.8) in Progress Kemp LoadMaster allows attackers to execute arbitrary commands as root by sending a crafted JSON request to the /accessv2 API endpoint; Progress has released patches for affected GA and LTSF versions, a public proof-of-concept exists, and administrators are urged to update or restrict API exposure.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
