Critical Pre-Auth RCE Vulnerability (CVE-2026-8037) Discovered in Progress Kemp LoadMaster — CVSS 9.8
By
HackMoN Ai
Summary
A critical vulnerability (CVE-2026-8037) has been disclosed in Progress Kemp LoadMaster, a widely used load balancer and Application Delivery Controller (ADC). The flaw enables unauthenticated remote attackers to execute arbitrary commands with root privileges via a crafted API request, stemming from improper input sanitization and an uninitialized-memory bug. With a CVSS score of 9.8, this pre-authentication Remote Code Execution (RCE) vulnerability poses severe risk to affected appliances and organizations are urged to patch immediately.
Source
bskyCritical Pre-Auth RCE Vulnerability (CVE-2026-8037) Discovered in Progress Kemp LoadMaster — CVSS 9.8undercodetesting.comKey quotes
· 3 pulledA newly disclosed critical vulnerability in Progress Kemp LoadMaster, tracked as CVE-2026-8037, allows unauthenticated remote attackers to execute arbitrary commands with root privileges on affected appliances via a crafted API request.
With a CVSS score of 9.8, this pre-authentication Remote Code Execution (RCE) flaw stems from improper input sanitization and an uninitialized-memory bug in LoadMaster's API handling.
Given that LoadMaster is a widely deployed edge load balancer and Application Delivery Controller (ADC), this vulnerability exposes
You might also wanna read
Critical Security Vulnerability CVE-2025-66478 in React Server Components Protocol
A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10
Critical Redis Security Vulnerability CVE-2025-49844 Allows Remote Code Execution
Redis has identified and fixed a critical security vulnerability (CVE-2025-49844) that allows authenticated users to execute remote code thr
Critical Redis Vulnerability (CVE-2025-49844) Allows Remote Code Execution with Maximum CVSS Score
Wiz Research has discovered a critical remote code execution vulnerability (CVE-2025-49844, nicknamed #RediShell) in Redis, the widely used
Critical RCE vulnerability CVE-2026-3854 discovered in GitHub's internal git infrastructure
Wiz Research discovered a critical vulnerability (CVE-2026-3854) in GitHub's internal git infrastructure affecting both GitHub.com and GitHu
Critical Security Vulnerability in React Server Components (CVE-2025-55182) Allows Remote Code Execution
The React team disclosed a critical security vulnerability (CVE-2025-55182) rated CVSS 10.0 that allows unauthenticated remote code executio
Critical React Vulnerability (CVE-2025-55182) Enables Remote Code Execution in React 19 and Next.js
A critical security vulnerability (CVE-2025-55182) has been discovered in React Server Components' 'Flight' protocol, affecting React 19 and

Comments
Sign in to join the conversation.
No comments yet. Be the first.