CVE-2026-3519

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...

CVE-2026-3519 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...

CVE-2026-3518

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command...

CVE-2026-3518

CVE-2026-4048, CVE-2026-3518, and CVE-2026-3519 are Progress LoadMaster family command-injection/RCE vulnerabilities. Each allows an authenticated attacker with specific permissions to execute arbitrary commands on LoadMaster appliances by supplying unsanitized input via different entry points: C...

CVE-2026-3518 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command...

CVE-2026-3518 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command...

CVE-2026-3517 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command...

CVE-2026-3517 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command...

CVE-2026-3517

CVE-2026-4048: OS Command Injection / Remote Code Execution in Progress LoadMaster UI (and related components: ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF). An authenticated attacker with All permissions can execute arbitrary commands on the LoadMaster appliance by exploi...

CVE-2026-3517

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command...

Progress LoadMaster 安全漏洞

Progress LoadMaster is a high-performance application delivery controller ADC and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from the uncleaned input of custom WAF rule files during file uploads. This vulnerabili...

Progress LoadMaster 安全漏洞

Progress LoadMaster is a high-performance application delivery controller ADC and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from uncleaned input for the addcountry command. This vulnerability could allow...

PT-2026-33762

Name of the Vulnerable Software and Affected Versions Progress ADC Products affected versions not specified Description An OS command injection flaw allows an authenticated attacker with "All" permissions to execute arbitrary commands on the LoadMaster appliance. This occurs due to unsanitized...

Progress LoadMaster 安全漏洞

Progress LoadMaster is a high-performance application delivery controller ADC and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from uncleaned input for the aclcontrol command. This vulnerability could allow...

PT-2026-33761

Name of the Vulnerable Software and Affected Versions Progress ADC LoadMaster affected versions not specified Description An OS command injection flaw in the API allows an authenticated attacker with Geo Administration permissions to execute arbitrary commands on the appliance. This is possible d...

Progress LoadMaster 安全漏洞

Progress LoadMaster is a high-performance application delivery controller ADC and load balancer developed by the American company Progress. There is a security vulnerability in Progress LoadMaster, which stems from uncleaned input for the killsession command. This vulnerability could allow...

EUVD-2026-23362

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

CVE-2026-5807

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

CVE-2026-5807

Vault is vulnerable to a denial-of-service condition: an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot and preventing legitimate operators from completing these workflows. The issue is fixed in...

CVE-2026-5807 Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...