CVE-2026-3517

Summary

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareLoadMaster7.1.32.0 < V7.2.63.0affected
Progress SoftwareECS Connections Manager7.2.49.0 < V7.2.63.0affected
Progress SoftwareObject Scale Connection Manager7.2.62.0 < V7.2.63.0affected
Progress SoftwareMOVEit WAF7.2.62.0 < V7.2.63.0affected

Weaknesses

  • CWE-77: CWE-77

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References