CVE Catalog

CVE-2026-8037

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
8.19%

94th percentile — higher than 94% of all known CVEs

Summary

An unauthenticated attacker can execute arbitrary OS commands on the LoadMaster appliance by injecting commands into unsanitized input at multiple API endpoints.

Risk Assessment

An attacker can gain full control of the LoadMaster appliance, compromising the confidentiality, integrity, and availability of data and services.

Recommendation

Apply the vendor patch immediately and restrict API access to trusted networks only.

Original NVD description (English source)

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

Vulnerability data from NVD (NIST) · CISA KEV · EPSS