CVE-2026-8037: Critical Unauthenticated RCE in Progress Kemp LoadMaster Actively Exploited
By
HackMoN Ai
Summary
A critical unauthenticated remote code execution vulnerability (CVE-2026-8037) in Progress Kemp LoadMaster is being actively exploited in the wild. The flaw, with a CVSS score of 9.6, allows attackers to execute arbitrary commands via unsanitized input in the LoadMaster API. Since LoadMaster appliances sit at the edge of enterprise networks handling sensitive traffic, this poses a severe risk. The article provides a technical deep dive into the vulnerability and urges immediate patching.
Source
bskyCVE-2026-8037: Critical Unauthenticated RCE in Progress Kemp LoadMaster Actively Exploitedundercodetesting.comKey quotes
· 3 pulledThis vulnerability allows unauthenticated attackers to execute arbitrary commands on affected appliances by exploiting unsanitized input within the LoadMaster API.
With a CVSS score of 9.6, this flaw poses a severe risk to organizations, as LoadMaster appliances often sit at the edge of enterprise networks, handling sensitive traffic and managing access to internal resources.
A critical security flaw in Progress Kemp LoadMaster, tracked as CVE-2026-8037, is currently being actively exploited in the wild.
You might also wanna read
Critical Redis Security Vulnerability CVE-2025-49844 Allows Remote Code Execution
Redis has identified and fixed a critical security vulnerability (CVE-2025-49844) that allows authenticated users to execute remote code thr
Critical Security Vulnerability in React Server Components (CVE-2025-55182) Allows Remote Code Execution
The React team disclosed a critical security vulnerability (CVE-2025-55182) rated CVSS 10.0 that allows unauthenticated remote code executio
Critical Redis Vulnerability (CVE-2025-49844) Allows Remote Code Execution with Maximum CVSS Score
Wiz Research has discovered a critical remote code execution vulnerability (CVE-2025-49844, nicknamed #RediShell) in Redis, the widely used
Critical Authentication Bypass Vulnerability Discovered in cPanel & WHM (CVE-2026-41940)
watchTowr Labs reports on a critical authentication bypass vulnerability (CVE-2026-41940) in cPanel & WHM, a widely-used web hosting control
watchTowr Labs·2mo agoCritical Security Vulnerability CVE-2025-66478 in React Server Components Protocol
A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10
CVE-2026-45185 (Dead.Letter): Unauthenticated RCE in Exim Discovered by XBOW
XBOW discovered CVE-2026-45185, a critical unauthenticated remote code execution vulnerability in Exim mail server. The article details the

Comments
Sign in to join the conversation.
No comments yet. Be the first.