PatchSiren cyber security CVE debrief
CVE-2026-8037 Progress Software CVE debrief
CVE-2026-8037 is a critical OS Command Injection Remote Code Execution Vulnerability in the API of Progress ADC Products. This vulnerability allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints. The vulnerability has a CVSS score of 9.6, indicating a critical severity level.
- Vendor: Progress Software
- Product: LoadMaster
- CVSS: CRITICAL 9.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Administrators and users of Progress ADC Products, particularly those using the LoadMaster appliance, should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability exists in the API of Progress ADC Products, specifically in multiple command endpoints that do not properly sanitize input. This allows an unauthenticated attacker to inject OS commands, leading to remote code execution.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Progress as soon as possible.
- Review and update the configuration of the LoadMaster appliance to ensure that it is not exposed to untrusted networks.
- Implement additional security measures, such as monitoring and logging, to detect and respond to potential attacks.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available in the Progress community article [ref-4].
Official resources
- CVE-2026-8037 CVE record (CVE.org)
- CVE-2026-8037 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-8037 was published on 2026-06-04T14:16:45.177Z and modified on 2026-06-04T15:35:18.623Z.