INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation
| 2026-07-01 13:56 CRITICAL HIGHExecutive Summary AI-generated
The Canadian cybersecurity company has identified exploitation attempts targeting CVE-2026-8037, a critical operating system command injection flaw that could be exploited to achieve arbitrary code execution on susceptible devices. The vulnerability is believed to have been active in the immediate future due to the availability of proof-of-concept exploit and detailed technical specifics. Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts, an advisory from eSentire's Threat Response Unit (TRU) indicates that malicious activity against CVE-2026-8037 is expected in the near future. The attack attempts originate from IP addresses associated with other high-severity vulnerabilities, including CVE-2024-1212 and CVSS score 10.0.
Technical Mitigations AI-generated
* Implement proper input sanitization and validation mechanisms to prevent exploitation of the CVE-2026-8037 vulnerability. This includes ensuring that user-supplied input is properly sanitized before being passed into a shell command.
* Regularly update and patch affected systems, including Progress Kemp LoadMaster, to ensure they have the latest security fixes and patches.
* Implement secure API access controls, such as rate limiting or IP blocking, to prevent attackers from exploiting vulnerabilities like CVE-2026-8037 by sending crafted requests to the /accessv2 endpoint.
* Monitor system logs and network traffic for signs of exploitation attempts targeting the CVE-2026-8037 vulnerability. This can help identify potential security incidents early on.
* Consider implementing a secure coding practice, such as using parameterized queries or prepared statements, when interacting with user input in sensitive applications like Progress Kemp LoadMaster to prevent similar vulnerabilities from occurring in the future.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2024-1212CVE-2024-1212
CVE-2026-33691CVE-2026-33691
CVE-2026-8037CVE-2026-8037
Target & Sectors
Global Scope
Incident Timeline
November 2024
Threat actors used a previously known command injection flaw in the Progress Kemp LoadMaster to target an active exploitation attempt.
Click on any entity below to view its context and source!
vulnerability
CVE-2024-1212
In November 2024, CISA
added a previous LoadMaster command injection flaw
(CVE-2024-1212, CVSS 10.0) to its Known Exploited Vulnerabilities catalog after confirmed exploitation in the wild.
vulnerability
CVSS 10.0
In November 2024, CISA
added a previous LoadMaster command injection flaw
(CVE-2024-1212, CVSS 10.0) to its Known Exploited Vulnerabilities catalog after confirmed exploitation in the wild.
attribution
CISA
In November 2024, CISA
added a previous LoadMaster command injection flaw
(CVE-2024-1212, CVSS 10.0) to its Known Exploited Vulnerabilities catalog after confirmed exploitation in the wild.
attribution
Known Exploited
In November 2024, CISA
added a previous LoadMaster command injection flaw
(CVE-2024-1212, CVSS 10.0) to its Known Exploited Vulnerabilities catalog after confirmed exploitation in the wild.
tactic
T1588.006 - Vulnerabilities
In November 2024, CISA
added a previous LoadMaster command injection flaw
(CVE-2024-1212, CVSS 10.0) to its Known Exploited Vulnerabilities catalog after confirmed exploitation in the wild.
April 2026
Progress patched five high-severity LoadMaster flaws in April 2026, including four command injection issues.
April 15, 2026
Threat actors used a Progress LoadMaster Pre-Auth RCE flaw to target Syed Ibrahim Ahmed of TrendAI Research.
2026/06/01
Threat actors used a Progress LoadMaster Pre-Auth RCE flaw to exploit an OS Command Injection vulnerability in the API.
Click on any entity below to view its context and source!
tactic
Remote Code Execution
"OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an unauthenticated attacker with permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input," Progress
said
in an advisory for the vulnerability released early last month.
organisation
Progress LoadMaster
"OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an unauthenticated attacker with permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input," Progress
said
in an advisory for the vulnerability released early last month.
organisation
LoadMaster
"OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an unauthenticated attacker with permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input," Progress
said
in an advisory for the vulnerability released early last month.
June 4
Progress Kemp LoadMaster has published an advisory on June 4 stating it has not received any reports of exploitation.
June 9
Threat actors exploited a Progress Kemp LoadMaster Pre-Auth RCE flaw on June 9.
June 29, 2026
Threat actors used the PoC exploit for CVE-2026-8037 in Progress Progress Kemp LoadMaster to target IP addresses 192.42.116[.]58, 192.42.116[.]105 and 146.70.139[.]154 on June 29, 2026.
Click on any entity below to view its context and source!
organisation
PoC
However, the availability of a proof-of-concept (PoC) exploit and detailed technical specifics is expected to drive malicious activity against CVE-2026-8037 in the immediate future.
organisation
IP
The attack attempts originate from the following IP addresses -
192.42.116[.]58
192.42.116[.]105
146.70.139[.]154
CVE-2026-8037 is the second Progress Progress Kemp LoadMaster flaw to witness active exploitation efforts after
CVE-2024-1212
(CVSS score: 10.0), another critical OS command injection vulnerability that could be abused for arbitrary system command execution.
organisation
Progress Progress Kemp LoadMaster
The attack attempts originate from the following IP addresses -
192.42.116[.]58
192.42.116[.]105
146.70.139[.]154
CVE-2026-8037 is the second Progress Progress Kemp LoadMaster flaw to witness active exploitation efforts after
CVE-2024-1212
(CVSS score: 10.0), another critical OS command injection vulnerability that could be abused for arbitrary system command execution.
June 29
Researchers at watchTowr Labs published a technical write-up on June 29 detailing the proof of concept for the Progress Kemp LoadMaster Pre-Auth RCE flaw.
Jun 30, 2026
Threat actors exploited a previously unknown vulnerability in the Progress Kemp LoadMaster, allowing them to gain unauthorized access and potentially execute malicious code.
Jul 01, 2026
Threat actors used a Progress Kemp LoadMaster Pre-Auth RCE flaw in the identified operating system to target CVE-2026-8037.
2026/07/01
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts.
Click on any entity below to view its context and source!
organisation
CVSS
The flaw, tracked as
CVE-2026-8037
, carries a CVSS score of
9.8 according to ZDI
.
organisation
LoadMaster
If you run LoadMaster with the API enabled, update now.
organisation
Progress Kemp
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts.
organisation
Vulnerability / Network Security
Ravie Lakshmanan
Jul 01, 2026
Vulnerability / Network Security
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an
advisory
from eSentire's Threat Response Unit (TRU).
organisation
Progress Kemp LoadMaster
Ravie Lakshmanan
Jul 01, 2026
Vulnerability / Network Security
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an
advisory
from eSentire's Threat Response Unit (TRU).
organisation
eSentire
Ravie Lakshmanan
Jul 01, 2026
Vulnerability / Network Security
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an
advisory
from eSentire's Threat Response Unit (TRU).
organisation
Threat Response Unit (TRU
Ravie Lakshmanan
Jul 01, 2026
Vulnerability / Network Security
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an
advisory
from eSentire's Threat Response Unit (TRU).
organisation
Cl0p
Progress is also the maker of MOVEit, whose 2023 vulnerabilities fueled a mass exploitation campaign by the Cl0p ransomware group.
infrastructure
2.63.1
Affected Versions and Fix
The flaw affects LoadMaster GA v7.2.63.1 and older, and LTSF v7.2.54.17 and older, when the API is enabled.
infrastructure
2.54.17
Affected Versions and Fix
The flaw affects LoadMaster GA v7.2.63.1 and older, and LTSF v7.2.54.17 and older, when the API is enabled.
organisation
Affected Versions
Affected Versions and Fix
The flaw affects LoadMaster GA v7.2.63.1 and older, and LTSF v7.2.54.17 and older, when the API is enabled.
infrastructure
2.63.2
Progress has released fixed versions: GA v7.2.63.2 and LTSF v7.2.54.18.
infrastructure
2.54.18
Progress has released fixed versions: GA v7.2.63.2 and LTSF v7.2.54.18.
organisation
Progress
Progress also patched a second, high-severity flaw in the same advisory: CVE-2026-33691, a WAF bypass where whitespace padding in filenames could circumvent file upload extension checks.
organisation
Vulnerability / API Security
Swati Khandelwal
Jun 30, 2026
Vulnerability / API Security
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API.
organisation
Progress Kemp LoadMaster
Swati Khandelwal
Jun 30, 2026
Vulnerability / API Security
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API.
organisation
API
Swati Khandelwal
Jun 30, 2026
Vulnerability / API Security
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API.
organisation
The
The
Canadian Centre for Cyber Security
has also issued an advisory urging administrators to apply the updates.
Tactical Metrics
Metrics
infrastructure
2.63.1
Software Version
Click for context!
Affected Versions and Fix
The flaw affects LoadMaster GA v7.2.63.1 and older, and LTSF v7.2.54.17 and older, when the API is enabled.
Metrics
infrastructure
2.54.17
Software Version
Affected Versions and Fix
The flaw affects LoadMaster GA v7.2.63.1 and older, and LTSF v7.2.54.17 and older, when the API is enabled.
Metrics
infrastructure
2.63.2
Software Version
Progress has released fixed versions: GA v7.2.63.2 and LTSF v7.2.54.18.
Metrics
infrastructure
2.54.18
Software Version
Progress has released fixed versions: GA v7.2.63.2 and LTSF v7.2.54.18.
Intelligence Sources
The Hacker News
2026-06-30
The Hacker News
2026-07-01
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-07-02T06:02
Comprehensive Tactical Telemetry
Highly Correlated Entities
19x
organisation
Identified Entity
Progress LoadMaster
entity
11x
timeline
Temporal Reference
Jul 01, 2026
date
4x
infrastructure
Software Version
2.63.1
version
3x
vulnerability
Exploited CVE
CVE-2026-8037
cve
2x
tactic
Cyber Operation Type
Remote Code Execution
tactic
2x
vulnerability
CVSS Score
10
score
2x
attribution
Attributing Entity
CISA
authority
Contextual Telemetry
Context Block
6 METRICS
source region
Origin Country
Canada
country
general metric
Score
10
score
general metric
Jul
1
jul
general metric
Vulnerabilities
2,023
vulnerabilities
tactic
MITRE ATT&CK Technique
T1588.006 - Vulnerabilities
technique
general metric
Khandelwal Jun
30
khandelwal jun
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.