CyberSecurityBoardThreat Intel · CVEs · Products
Critical CVEs

CVE-2026-8037: Progress Kemp LoadMaster Pre-Auth RCE

June 30, 2026

A critical OS command injection vulnerability in Progress Kemp LoadMaster, with a CVSS score of 9.6, allows unauthenticated attackers to execute arbitrary commands via the /accessv2 endpoint. The flaw stems from improper input handling in the escape_quotes() function, leading to out-of-bounds heap memory read. Active exploitation attempts have been observed since June 29, 2026.