Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
Summary
A critical vulnerability in Progress Kemp LoadMaster allows unauthenticated attackers to execute arbitrary root commands via its API by sending a crafted request. The flaw, tracked as CVE-2026-8037, has a CVSS score of 9.8, and a patch is available. Users with the API enabled are urged to update their systems immediately.
IFF Assessment
This vulnerability allows unauthenticated attackers to gain root-level control over critical network appliances, which makes it a significant threat for defenders.
Severity
The high CVSS score of 9.8 reflects an unauthenticated attacker's ability to execute arbitrary code with root privileges, allowing complete compromise of the affected appliance.
Defender Context
This critical vulnerability in Progress Kemp LoadMaster presents a severe risk, as it allows for pre-authentication root command execution. Defenders must prioritize patching this vulnerability on all exposed LoadMaster appliances, especially those with the API enabled, to prevent unauthorized access and potential system compromise.