A critical security vulnerability in Progress Kemp LoadMaster is currently being actively exploited as per a recent advisory by eSentire’s Threat Response Unit (TRU). This flaw, identified as CVE-2026-8037 with a CVSS score of 9.6, involves an OS command injection issue that could permit unauthorized code execution on targeted devices. These exploitation attempts reportedly began on June 29, 2026.
Details of the Vulnerability
The vulnerability, as detailed by Progress, is an OS Command Injection Remote Code Execution Vulnerability present in the LoadMaster’s API. This flaw allows an attacker, without authentication, to run arbitrary commands on the appliance by leveraging unsanitized input, posing a significant risk to affected systems.
WatchTowr Labs provided further insight, noting that the issue originates from a malfunction in the “escape_quotes()” function within the load balancer application. Specifically, the improper termination of sanitized strings results in out-of-bounds memory access. This vulnerability can be exploited to manipulate heap memory via crafted requests to the “/accessv2” endpoint.
Potential Impact and Observed Exploitation
The exploit’s potential impact is severe, enabling attackers to execute commands on compromised appliances without needing valid credentials. Despite observed attempts by eSentire, these efforts have so far been unsuccessful, preventing any subsequent malicious activities. However, the existence of a proof-of-concept (PoC) exploit and detailed technical data suggests that further malicious exploitation of CVE-2026-8037 is likely imminent.
Comparison with Previous Vulnerabilities
This recent flaw is the second significant vulnerability affecting Progress Kemp LoadMaster to face active exploitation. Previously, CVE-2024-1212, another OS command injection vulnerability with a CVSS score of 10.0, was similarly targeted for arbitrary command execution.
Current attack attempts have been traced back to specific IP addresses, including 192.42.116[.]58, 192.42.116[.]105, and 146.70.139[.]154, indicating organized exploitation efforts.
In conclusion, the active targeting of CVE-2026-8037 underscores the critical need for organizations to promptly address security vulnerabilities in their systems. As the threat landscape evolves, immediate attention and remediation strategies are essential to safeguard against potential exploitation.
