CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

CVSS 9.6 CRITICALEPSS 1.9%CWE-77

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

Progress Software · ECS Connections Manager Progress Software · LoadMaster Progress Software · MOVEit WAF Progress Software · Object Scale Connection Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://community.progress.com/s/article/LoadMaster-Critical-Security-Bulletin-June-2026-CVE-2026-8037-CVE-2026-33691