7 matches found
CVE-2024-3544
CVE-2024-3544 concerns Kemp LoadMaster in HA/Cluster partner communications. The vulnerability allows unauthenticated attackers who share network access to the affected machine to perform actions using SSH private keys. Root cause is insufficient authentication between partners during communicati...
CVE-2026-3517
CVE-2026-4048: OS Command Injection / Remote Code Execution in Progress LoadMaster UI (and related components: ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF). An authenticated attacker with All permissions can execute arbitrary commands on the LoadMaster appliance by exploi...
CVE-2026-3518
CVE-2026-4048, CVE-2026-3518, and CVE-2026-3519 are Progress LoadMaster family command-injection/RCE vulnerabilities. Each allows an authenticated attacker with specific permissions to execute arbitrary commands on LoadMaster appliances by supplying unsanitized input via different entry points: C...
CVE-2025-13447
CVE-2025-13447 corresponds to a remote code execution via OS Command Injection in Progress LoadMaster API. The connected ZDI advisories detail multiple command-injection flaws (delapikey, delcert, listapikeys, addapikey, getcipherset) that allow authenticated network-adjacent attackers to execute...
CVE-2025-13444
The CVE-2025-13444 family concerns OS Command Injection / Remote Code Execution in Progress Software Kemp LoadMaster. Connected ZDI advisories detail multiple command-injection flaws in LoadMaster commands (delapikey, getcipherset, listapikeys, delcert, addapikey) where unsanitized user data is p...
CVE-2026-3519
Summary: The connected CVEs describe OS Command Injection/Remote Code Execution vulnerabilities in Progress ADC products (LoadMaster, ECS Connection Manager, Object Scale Connection Manager, MOVEit WAF). Affected vectors involve unsanitized input in various commands or files (e.g., aclco...
CVE-2026-4048
CVE-2026-4048: OS Command Injection RCE in Progress LoadMaster family (LoadMaster, ECS Connection Manager, Object Scale Connection Manager, MOVEit WAF UI). An authenticated attacker with high-level permissions (e.g., “All”) can execute arbitrary commands by exploiting unsanitized input in a cust...