CVE-2026-4048

🗓️ 20 Apr 2026 13:36:49Reported by ProgressSoftwareType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 2 Views

CVE-2026-4048: An authenticated attacker with all permissions can inject commands via WAF rule upload on LoadMaster.

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2026-4048	20 Apr 202613:36	–	attackerkb
ATTACKERKB	CVE-2026-3518	20 Apr 202613:29	–	attackerkb
ATTACKERKB	CVE-2026-3519	20 Apr 202613:32	–	attackerkb
ATTACKERKB	CVE-2026-3517	20 Apr 202613:22	–	attackerkb
Circl	CVE-2026-4048	20 Apr 202611:13	–	circl
CNNVD	Progress LoadMaster 安全漏洞	20 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-4048 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF	20 Apr 202613:36	–	cvelist
EUVD	EUVD-2026-23856	20 Apr 202615:31	–	euvd
EUVD	EUVD-2026-23857	20 Apr 202615:31	–	euvd
EUVD	EUVD-2026-23858	20 Apr 202615:31	–	euvd

NVD

Node

progress connection_manager_for_objectscaleRange<7.2.63.1

progress ecs_connection_managerRange<7.2.63.1

progress loadmasterRange<7.2.54.17ltsf

progress loadmasterRange<7.2.63.1ga

[
  {
    "vendor": "Progress Software",
    "product": "LoadMaster",
    "versions": [
      {
        "status": "affected",
        "version": "V7.1.20.0",
        "lessThan": "V7.2.63.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Progress Software",
    "product": "ECS Connections Manager",
    "versions": [
      {
        "status": "affected",
        "version": "V7.2.49.0",
        "lessThan": "V7.2.63.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Progress Software",
    "product": "Object Scale Connection Manager",
    "versions": [
      {
        "status": "affected",
        "version": "V7.2.62.0",
        "lessThan": "V7.2.63.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Progress Software",
    "product": "MOVEit WAF",
    "versions": [
      {
        "status": "affected",
        "version": "V7.2.62.0",
        "lessThan": "V7.2.63.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
community	www.community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876

01 May 2026 17:34Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.2 - 8.4

EPSS0.00031

SSVC

CWE-77