Progress LoadMaster OS Command Injection Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Progress LoadMaster API. This issue arises from unsanitized input in the API parameters, allowing an authenticated attacker with 'User Administration' permissions to execute arbitrary commands on the LoadMaster appliance.

Impact

Exploitation of this vulnerability allows for command injection, enabling authenticated attackers to execute arbitrary commands on the affected LoadMaster appliance.

Remediation

A patch for this vulnerability has been released and is available for download. Instructions for updating LoadMaster can be found in the 'Updating the LoadMaster Software' technical note on the Progress Community Portal. Customers under a current support contract can also contact Progress Technical Support for assistance.

Added: Jan 13, 2026, 3:26 PM
Updated: Jan 13, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 7.5
exploitability: 5.0
remediation: 8.3
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.