← Back to Vulnerability Reports CVE Intelligence

CVE-2026-8037

See advisoryCRITICAL · CVSS 9.6 In the wild

What is CVE-2026-8037?

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

CVSS9.6 NVD 3.1
SeverityCRITICAL
Exploitation In the wild
EPSS30% · P98
Triage statusActive Exploit
ActionPatch within 48 hours
CVSS vectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD published2026-06-04
NVD last modified2026-07-01

Timeline

  • 2026-06-04Published to the U.S. National Vulnerability Database (NVD)
  • 2026-07-01NVD record last updated

Affected product

See advisory

Remediation Steps

  1. Apply Progress vendor patch addressing OS command injection flaw
  2. Review access controls to Kemp LoadMaster management interfaces
  3. Monitor system logs for evidence of exploitation attempts
  4. Test patching in a non-production environment first

Referenced in our briefings & reports

Browse all tracked CVEs in the defend.network CVE database →

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Get Critical CVE Alerts

Subscribe free and hear about actively exploited CVEs like this one first.