INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation

| 2026-07-01 13:56 CRITICAL HIGH
Executive Summary AI-generated
The Canadian cybersecurity company has identified exploitation attempts targeting CVE-2026-8037, a critical operating system command injection flaw that could be exploited to achieve arbitrary code execution on susceptible devices. The vulnerability is believed to have been active in the immediate future due to the availability of proof-of-concept exploit and detailed technical specifics. Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts, an advisory from eSentire's Threat Response Unit (TRU) indicates that malicious activity against CVE-2026-8037 is expected in the near future. The attack attempts originate from IP addresses associated with other high-severity vulnerabilities, including CVE-2024-1212 and CVSS score 10.0.
Technical Mitigations AI-generated
* Implement proper input sanitization and validation mechanisms to prevent exploitation of the CVE-2026-8037 vulnerability. This includes ensuring that user-supplied input is properly sanitized before being passed into a shell command. * Regularly update and patch affected systems, including Progress Kemp LoadMaster, to ensure they have the latest security fixes and patches. * Implement secure API access controls, such as rate limiting or IP blocking, to prevent attackers from exploiting vulnerabilities like CVE-2026-8037 by sending crafted requests to the /accessv2 endpoint. * Monitor system logs and network traffic for signs of exploitation attempts targeting the CVE-2026-8037 vulnerability. This can help identify potential security incidents early on. * Consider implementing a secure coding practice, such as using parameterized queries or prepared statements, when interacting with user input in sensitive applications like Progress Kemp LoadMaster to prevent similar vulnerabilities from occurring in the future.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2024-1212CVE-2024-1212 CVE-2026-33691CVE-2026-33691 CVE-2026-8037CVE-2026-8037
Target & Sectors
Global Scope
Incident Timeline
‎November 2024
Threat actors used a previously known command injection flaw in the Progress Kemp LoadMaster to target an active exploitation attempt.
vulnerability CVE-2024-1212
vulnerability CVSS 10.0
attribution CISA
attribution Known Exploited
tactic T1588.006 - Vulnerabilities
‎April 2026
Progress patched five high-severity LoadMaster flaws in April 2026, including four command injection issues.
‎April 15, 2026
Threat actors used a Progress LoadMaster Pre-Auth RCE flaw to target Syed Ibrahim Ahmed of TrendAI Research.
‎2026/06/01
Threat actors used a Progress LoadMaster Pre-Auth RCE flaw to exploit an OS Command Injection vulnerability in the API.
tactic Remote Code Execution
organisation Progress LoadMaster
organisation LoadMaster
‎June 4
Progress Kemp LoadMaster has published an advisory on June 4 stating it has not received any reports of exploitation.
‎June 9
Threat actors exploited a Progress Kemp LoadMaster Pre-Auth RCE flaw on June 9.
‎June 29, 2026
Threat actors used the PoC exploit for CVE-2026-8037 in Progress Progress Kemp LoadMaster to target IP addresses 192.42.116[.]58, 192.42.116[.]105 and 146.70.139[.]154 on June 29, 2026.
organisation PoC
organisation IP
organisation Progress Progress Kemp LoadMaster
‎June 29
Researchers at watchTowr Labs published a technical write-up on June 29 detailing the proof of concept for the Progress Kemp LoadMaster Pre-Auth RCE flaw.
‎Jun 30, 2026
Threat actors exploited a previously unknown vulnerability in the Progress Kemp LoadMaster, allowing them to gain unauthorized access and potentially execute malicious code.
‎Jul 01, 2026
Threat actors used a Progress Kemp LoadMaster Pre-Auth RCE flaw in the identified operating system to target CVE-2026-8037.
‎2026/07/01
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts.
organisation CVSS
organisation LoadMaster
organisation Progress Kemp
organisation Vulnerability / Network Security
organisation Progress Kemp LoadMaster
organisation eSentire
organisation Threat Response Unit (TRU
organisation Cl0p
infrastructure 2.63.1
infrastructure 2.54.17
organisation Affected Versions
infrastructure 2.63.2
infrastructure 2.54.18
organisation Progress
organisation Vulnerability / API Security
organisation Progress Kemp LoadMaster
organisation API
organisation The
Tactical Metrics
Metrics
infrastructure
‎2.63.1
Software Version
Metrics
infrastructure
‎2.54.17
Software Version
Metrics
infrastructure
‎2.63.2
Software Version
Metrics
infrastructure
‎2.54.18
Software Version
Intelligence Sources