CVE-2026-8037: Progress Kemp LoadMaster — Remote Root Code Execution Risk (June 2026)

breachwire Team, Jul 1, 2026, 2 min read

CVE-2026-8037 — Progress Kemp LoadMaster

CVE-2026-8037 is a critical vulnerability in Progress Kemp LoadMaster that allows unauthenticated attackers to execute arbitrary commands as root by sending specially crafted API requests. This flaw is rated critical and, while no active exploitation has been reported, a public proof of concept is available, significantly raising the risk profile.

Attack Vector

Attackers can remotely exploit vulnerable LoadMaster appliances by sending a malicious API request to the management interface when the API is enabled. No authentication is required, and exploitation results in root-level command execution. The attacker needs only network access to the management interface; no credentials or prior compromise are necessary. The vulnerability can be leveraged to gain full control of the device, disrupt traffic management, and establish a foothold for lateral movement within the network.

Who Is at Risk

All organizations running affected versions of Progress Kemp LoadMaster with the API enabled are at immediate risk. The vulnerability impacts global deployments across enterprise, service provider, and government environments. Progress has confirmed the issue and released patches. Any unpatched LoadMaster appliance exposed to internal or external networks is vulnerable.

Patch & Mitigate

  • Patch: Apply the latest Progress Kemp LoadMaster security update released June 2026. Refer to Progress advisories for exact version details.
  • Workaround: Disable the LoadMaster API if patching is not immediately possible. Restrict management interface access to trusted networks only.
  • Detect: Monitor logs for unusual or unauthorized API requests, especially from unfamiliar IP addresses. Look for signs of unexpected root-level command execution or configuration changes.
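The "Detect" step above is what most teams will act on first while a patch window is arranged. The following Python script is an added example, not code from the original post or from Progress, showing one way to run that check over management-interface access logs: it flags any request to the management interface that did not come from a trusted admin subnet, and any API request that succeeded with no authenticated user. The log format (Common Log Format with a user field), the `/access/` API prefix, the trusted subnet and the sample lines are all assumptions constructed for the example; adapt them to your own appliance's log export.

```python
import ipaddress
import re
from collections import Counter

# Assumed trusted management subnet (hypothetical); replace with your own.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]

# Assumed prefix under which the appliance API is served (hypothetical).
API_PREFIX = "/access/"

# Common Log Format with an authenticated-user field ("-" when unauthenticated).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for demonstration; not real LoadMaster output.
SAMPLE_LOG = """\
10.10.0.5 - admin [30/Jun/2026:08:01:12 +0000] "GET /access/get?param=version HTTP/1.1" 200
203.0.113.7 - - [30/Jun/2026:08:02:40 +0000] "POST /access/set?param=hostname HTTP/1.1" 200
10.10.0.9 - - [30/Jun/2026:08:03:05 +0000] "GET /access/get?param=version HTTP/1.1" 401
198.51.100.4 - - [30/Jun/2026:08:04:19 +0000] "GET /login HTTP/1.1" 200
this line is malformed and should be skipped
"""


def parse_line(line):
    """Parse one access-log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip_text, trusted_nets):
    """True if the source address falls inside one of the trusted subnets."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in trusted_nets)


def analyse(lines, trusted_nets=TRUSTED_MGMT_NETS, api_prefix=API_PREFIX):
    """Return a list of findings, each with the parsed record and its reasons.

    Two rules:
      untrusted_source            - any management request from outside trusted_nets
      unauthenticated_api_success - a 2xx API response with no authenticated user
    A rejected (401) unauthenticated call from a trusted subnet is not flagged
    on its own; a successful one, or any call from an untrusted source, is.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if not is_trusted(rec["ip"], trusted_nets):
            reasons.append("untrusted_source")
        if (rec["path"].startswith(api_prefix)
                and rec["user"] == "-"
                and 200 <= rec["status"] < 300):
            reasons.append("unauthenticated_api_success")
        if reasons:
            findings.append({**rec, "reasons": reasons})
    return findings


def summarize(findings):
    """Count findings per source address, useful for a quick triage view."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = analyse(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f'{h["ts"]} {h["ip"]:<15} {h["method"]} {h["path"]} '
              f'{h["status"]} -> {", ".join(h["reasons"])}')
    print("per-source:", dict(summarize(hits)))
```

Run against the constructed sample, the script flags the external POST to the API (both rules) and the external request to the login page (untrusted source only), while the authenticated admin call and the rejected unauthenticated probe from the admin subnet pass. Treat an `unauthenticated_api_success` hit as the priority finding: it is the pattern the advisory describes, and it should be paired with a review of recent configuration changes on the appliance.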

MITRE ATT&CK

  • TA0001 — Initial Access: Attackers exploit the exposed API to gain a foothold without authentication.
  • TA0007 — Discovery: Once compromised, adversaries may enumerate internal network resources using root access.

Source: https://thehackernews.com/2026/06/progress-kemp-loadmaster-flaw-could-let.html
