logo

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

ID: 049a2866-1dd4-53af-badb-7dbd118c234b

STIX ID: report--049a2866-1dd4-53af-badb-7dbd118c234b

Feed Name: The Hacker News

Threat Score
80/100

Date Published: 2026-06-30

Date Updated: 2026-07-01

Author: [email protected] (The Hacker News)

...
...

A critical unauthenticated command-injection vulnerability (CVE-2026-8037, CVSS 9.8) in Progress Kemp LoadMaster allows attackers to execute arbitrary commands as root by sending a crafted JSON request to the /accessv2 API endpoint; Progress has released patches for affected GA and LTSF versions, a public proof-of-concept exists, and administrators are urged to update or restrict API exposure.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.