socradar.io 7/2/2026, 9:24:30 AM · external

CVE-2026-8037: Progress Kemp LoadMaster RCE Exploited in the Wild

CVE-2026-8037: Progress Kemp LoadMaster RCE Exploited in the Wild
Developing story vulnerability 4 articles tracked
Multiple critical flaws affect Progress Kemp LoadMaster appliances
CyberSIXT Evidence Panel
CISA KEV Not in KEV
Patch Patch Status Unknown

CVE- 2026-8037 is a critical vulnerability affecting Progress Kemp LoadMaster, enabling pre-authenticated Remote Code Execution (RCE) via OS command injection through the product’s API. Active exploitation attempts began on June 29, 2026, coinciding with the public release of a proof-of-concept code. The affected versions include LoadMaster GA v7.2.63.1 and older, and LTSF v7.2.54.17 and older.

The exploitation risk is heightened as the LoadMaster often operates at a sensitive network edge, making it a significant target for attackers. Organizations are advised to prioritize firmware updates and reduce API exposure. Key mitigation strategies include restricting access to trusted networks and monitoring for suspicious activity.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline