A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API.

The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now.

Progress published its advisory on June



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/06/progress-kemp-loadmaster-flaw-could-let.html