CVE-2026-8037 · CVSS 9.6 · KEV · EXPLOITED · PATCHED
progress · adc

OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

Description

An OS command injection remote code execution vulnerability in the API of Progress ADC products allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints.

Affected Products

Vendor | Product | Versions
progress | adc | V7.2.60.0, V7.2.45.12, V7.2.60.0, V7.2.60.0, V7.2.60.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
kemp | loadmaster | cert_advisory | 90%

References

  • https://community.progress.com/s/article/LoadMaster-Critical-Security-Bulletin-June-2026-CVE-2026-8037-CVE-2026-33691 (vendor-advisory)

Related News (6 articles)

Tier D · The Hacker News · 9h ago
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
→ No new info (linked only)

Tier D · The Hacker News · 1d ago
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
→ No new info (linked only)

Tier E · Reddit r/cybersecurity · 2d ago
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labs
→ No new info (linked only)

Tier E · Reddit r/netsec · 2d ago
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037) - watchTowr Labs
→ No new info (linked only)

Tier B · BSI Advisories · 23d ago
[NEW] [high] Kemp LoadMaster: Multiple Vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 27d ago
CVE-2026-8037 | Progress LoadMaster API command injection
→ No new info (linked only)

CVSS 3.1: 9.6 CRITICAL
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA KEV: ✅ Yes
Actively exploited: ✅ Yes
Patch available: null
CWE: CWE-77
Published: Jun 4, 2026
Last enriched: 27d ago (v2)
Trending Score: 129 🔥
Source articles: 6
Independent: 5
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-7198 · Trending: 4
CWE-284: Improper Access Control in web services in Progress Sitefinity

CRITICAL · CVE-2026-7312 · Trending: 3
CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity

HIGH · CVE-2026-7313 · Trending: 3
CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity

HIGH · CVE-2026-7201 · Trending: 3
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity

HIGH · CVE-2026-7195 · EXP · Trending: 2
CWE-20: Improper Input Validation in web services in Progress Sitefinity

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Jun 4, 2026 · CVE Published
Jun 4, 2026 · Added to CISA KEV
Jun 4, 2026 · Discovered by ZDM
Jun 4, 2026 · Updated: description, patchAvailable
Jul 1, 2026 · Actively Exploited
Jul 1, 2026 · Patch Available

Version History

v2 · Last enriched 27d ago

v2 · Tier C · 27d ago · via VulDB
Updated description with more technical detail and corrected exploit availability to false.
Fields: description, patchAvailable

v1 · 27d ago
Initial creation