CVE-2026-8037

Summary

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareLoadMasterV7.2.60.0 < V7.2.63.2affected
Progress SoftwareLoadMasterV7.2.45.12 < V7.2.54.18affected
Progress SoftwareECS Connections ManagerV7.2.60.0 < V7.2.63.2affected
Progress SoftwareObject Scale Connection ManagerV7.2.60.0 < V7.2.63.2affected
Progress SoftwareMOVEit WAFV7.2.60.0 < V7.2.63.2affected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Workarounds

plain text

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References