19 matches found
CVE-2024-1212
CVE-2024-1212 affects Progress Kemp LoadMaster. Unauthenticated attackers can trigger arbitrary command execution via the LoadMaster management interface (e.g., through OS command injection on the /access/set endpoint), with exploits and PoCs published. Public references show active exploitation ...
CVE-2024-3543
CVE-2024-3543 concerns Kemp LoadMaster components where a reversible password encryption method can be used to decrypt stored passwords. The underlying issue is that sensitive credentials can be decrypted by an attacker, enabling use of stolen credentials for arbitrary actions that could compromi...
CVE-2024-3544
CVE-2024-3544 concerns Kemp LoadMaster in HA/Cluster partner communications. The vulnerability allows unauthenticated attackers who share network access to the affected machine to perform actions using SSH private keys. Root cause is insufficient authentication between partners during communicati...
CVE-2024-56131
CVE-2024-56131 (and related CVEs 56132–56135) affect Progress LoadMaster and associated products, exposing OS command injection via improper input validation when an authenticated user interacts with the management interface. Affected versions include LoadMaster 7.2.55.0–7.2.60.1 (inclusive), 7.2...
CVE-2024-56135
Progress LoadMaster contains an Improper Input Validation vulnerability (CVE-2024-56135) affecting multiple LoadMaster versions from 7.2.48.12 and earlier, 7.2.49.0–7.2.54.12, and 7.2.55.0–7.2.60.1 (inclusive), with fixes in 7.2.54.13 (LTSF) and 7.2.61.0 (GA). The issue allows an authenticated us...
CVE-2024-56134
Progress LoadMaster has a class of vulnerabilities described as Improper Input Validation for authenticated users, enabling OS command injection. Affected are LoadMaster releases 7.2.55.0–7.2.60.1 (inclusive), 7.2.49.0–7.2.54.12 (inclusive), 7.2.48.12 and earlier; Multi-Tenant LoadMaster 7.1.35.1...
CVE-2025-1758
Progress LoadMaster CVE-2025-1758 is an improper input validation vulnerability that can cause a buffer/stack overflow in the mangle executable. Affected: LoadMaster 7.2.40.0+, ECS all versions, Multi-Tenancy 7.1.35.4+. Impact ranges from high (NVD base 8.8, confidentiality/integrity/availability high) to pote...
CVE-2024-2449
CVE-2024-2449 describes a cross-site request forgery in Kemp LoadMaster. An authenticated LoadMaster administrator, who knows the IP/hostname, can be lured to a malicious site where a CSRF payload issues HTTP transactions on behalf of the admin. The core impact is unauthorized actions performed i...
CVE-2024-56132
The CVE-2024-56132 issue affects Progress LoadMaster and relates to improper input validation in the management interface, enabling potential OS command injection when an authenticated user sends crafted requests. The affected versions span LoadMaster 7.2.55.0–7.2.60.1 (inclusive), 7.2.49.0–7.2.5...
CVE-2024-2448
CVE-2024-2448 describes an OS command injection in Kemp/LoadMaster. An authenticated UI user with any permission level can inject commands into a UI component via a shell command, leading to possible OS command execution with high impact (confidentiality, integrity, availability all high). Affect...
CVE-2024-56133
CVE-2024-56133 is a known issue in Progress LoadMaster involving improper input validation that enables an unauthenticated or authenticated user to trigger an OS command injection via the management interface. The vulnerability affects LoadMaster versions: 7.2.55.0–7.2.60.1 (inclusive), 7.2.49.0...
CVE-2024-6658
CVE-2024-6658 is an Improper Input Validation vulnerability affecting Kemp LoadMaster products. The issue allows an authenticated user to trigger OS command injection due to improper input validation in LoadMaster’s exposed functionality. Affected versions include LoadMaster 7.2.55.0–7.2.60.0 (in...
CVE-2026-3517
CVE-2026-4048: OS Command Injection / Remote Code Execution in Progress LoadMaster UI (and related components: ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF). An authenticated attacker with All permissions can execute arbitrary commands on the LoadMaster appliance by exploi...
CVE-2024-8755
CVE-2024-8755 is an Improper Input Validation vulnerability in Progress LoadMaster and Progress Multi-Tenant Hypervisor that allows OS Command Injection for authenticated users via the LoadMaster management interface. Affected: LoadMaster versions 7.2.55.0–7.2.60.1; 7.2.49.0–7.2.54.12; 7.2.48.12 ...
CVE-2026-3518
CVE-2026-4048, CVE-2026-3518, and CVE-2026-3519 are Progress LoadMaster family command-injection/RCE vulnerabilities. Each allows an authenticated attacker with specific permissions to execute arbitrary commands on LoadMaster appliances by supplying unsanitized input via different entry points: C...
CVE-2025-13447
CVE-2025-13447 corresponds to a remote code execution via OS Command Injection in Progress LoadMaster API. The connected ZDI advisories detail multiple command-injection flaws (delapikey, delcert, listapikeys, addapikey, getcipherset) that allow authenticated network-adjacent attackers to execute...
CVE-2025-13444
The CVE-2025-13444 family concerns OS Command Injection / Remote Code Execution in Progress Software Kemp LoadMaster. Connected ZDI advisories detail multiple command-injection flaws in LoadMaster commands (delapikey, getcipherset, listapikeys, delcert, addapikey) where unsanitized user data is p...
CVE-2026-3519
The connected CVEs describe OS Command Injection/Remote Code Execution vulnerabilities in Progress ADC products (LoadMaster, ECS Connection Manager, Object Scale Connection Manager, MOVEit WAF). Affected vectors involve unsanitized input in various commands or files (e.g., aclco...
CVE-2026-4048
CVE-2026-4048: OS Command Injection RCE in Progress LoadMaster family (LoadMaster, ECS Connection Manager, Object Scale Connection Manager, MOVEit WAF UI). An authenticated attacker with high-level permissions (e.g., “All”) can execute arbitrary commands by exploiting unsanitized input in a cust...