Intel Feed Snapshot (2026-07-02)

CVE-2026-8037 is a critical pre-authentication remote code execution (RCE) vulnerability in Progress Kemp LoadMaster appliances. The flaw stems from an uninitialized heap vulnerability within the device's API, allowing unauthenticated attackers to send crafted network requests that trigger OS command injection. Successful exploitation grants immediate root-level privileges, leading to total system compromise. Disclosed in June 2026 and subsequently observed in active exploitation by threat actors targeting critical infrastructure, the vulnerability carries a CVSS score of 9.8. Immediate remediation via vendor-supplied patches or disabling the API is required to prevent full appliance takeover.

  • Vulnerability Overview: CVE-2026-8037

    • Critical flaw affecting the API component of Progress Kemp LoadMaster appliances.
    • Classified as a pre-authentication RCE, identified internally as ZDI-26-318.
    • Grants attackers direct root-level access without requiring valid credentials.
  • Technical Deep Dive: Root Cause

    • Identified by WatchTowr as an uninitialized heap vulnerability.
    • Attack vector involves sending specially crafted API requests over the network.
    • The vulnerability allows for arbitrary OS command injection during the processing of API requests.
  • Exploitation Status & Impact

    • Active exploitation confirmed by eSentire and H-ISAC in early July 2026.
    • Threat actors are specifically targeting critical infrastructure utilizing these appliances.
    • Impact is rated as "Total" for confidentiality, integrity, and availability (CVSS 9.6 - 9.8).
  • Remediation & Defensive Actions

    • Prioritize the application of official security patches released by Progress.
    • Disable the API interface if it is not required for core operational functionality.
    • Implement strict network segmentation and monitor for anomalous API traffic.
  • Intelligence Attribution

    • Zero Day Initiative (ZDI) provided the initial assessment and vulnerability discovery.
    • WatchTowr conducted the technical research to identify the heap-based root cause.
    • eSentire and H-ISAC provided the first telemetry regarding in-the-wild exploitation.
