feeds.feedburner.com • 6h
Pre-Authentication Root RCE in Progress Kemp LoadMaster CVE-2026-8037
CVE-2026-8037 is a critical pre-authentication remote code execution (RCE) vulnerability in Progress Kemp LoadMaster appliances. The flaw stems from an uninitialized heap vulnerability within the device's API, allowing unauthenticated attackers to send crafted network requests that trigger OS command injection. Successful exploitation grants immediate root-level privileges, leading to total system compromise. Disclosed in June 2026 and subsequently observed in active exploitation by threat actors targeting critical infrastructure, the vulnerability carries a CVSS score of 9.8. Immediate remediation via vendor-supplied patches or disabling the API is required to prevent full appliance takeover.