Critical Vulnerability in Progress Kemp LoadMaster Under Active Exploitation

A critical security vulnerability in Progress Kemp LoadMaster, identified as CVE-2026-8037 with a CVSS score of 9.6, is currently being actively exploited. This flaw allows unauthenticated attackers to execute arbitrary commands on affected devices by exploiting unsanitized input in the API.

Progress Kemp LoadMaster is an application delivery controller and load balancer widely used by enterprises to manage network traffic across servers. The vulnerability resides in the ‘escape_quotes()’ function, which is intended to sanitize user input before it is passed into shell commands. However, due to improper handling, the function fails to null-terminate sanitized strings, leading to out-of-bounds reads into adjacent heap memory. Attackers can exploit this by sending specially crafted requests to the ‘/accessv2’ endpoint, manipulating heap memory to enable command injection.

eSentire’s Threat Response Unit (TRU) has observed exploitation attempts originating from IP addresses 192.42.116[.]58, 192.42.116[.]105, and 146.70.139[.]154. While these initial attempts have reportedly failed, the availability of a proof-of-concept exploit and detailed technical information is likely to spur further malicious activity targeting this vulnerability.

Progress has released patches to address this issue. Administrators are strongly advised to update their LoadMaster appliances to the latest versions to mitigate potential risks. Additionally, reviewing and restricting access to the API can further reduce exposure.

This incident underscores the critical importance of timely patch management and vigilant monitoring of network infrastructure. Given that LoadMaster operates at the network edge, vulnerabilities in such devices can serve as entry points for attackers, potentially leading to widespread compromise. Organizations should prioritize securing these systems to maintain the integrity and security of their networks.