Bottom line: Unauthenticated remote code execution with root privileges in Kemp LoadMaster (CVE-2026-8037, CVSS 9.8) – patch immediately if the API is enabled.
A critical vulnerability in Progress Kemp LoadMaster (CVE-2026-8037) allows unauthenticated attackers to execute arbitrary commands with root privileges. Progress has made a patch available.
CVE-2026-8037 affects the API of Kemp LoadMaster and has a CVSS score of 9.8. An unauthenticated attacker can execute arbitrary code with root privileges on the appliance by sending a crafted API request.
For CISOs, this represents a significant security risk: LoadMaster instances with the API enabled are immediately at risk, since the vulnerability requires no prior authentication. Remote compromise of the system is possible directly from the Internet if the API is exposed.
Progress has provided a patch. Organizations operating LoadMaster should immediately verify whether the API is enabled and apply the update. The severity and the lack of an authentication barrier require immediate action.
Source: thehackernews.com · Published June 30, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.