Progress LoadMaster OS Command Injection Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Progress LoadMaster API. The issue is an OS command injection caused by unsanitized input in API parameters. It can be exploited by authenticated users with 'User Administration' permissions, allowing them to execute arbitrary commands on the LoadMaster appliance.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected LoadMaster appliance.

Remediation

A patch for this vulnerability has been released and is available for download. Instructions for updating LoadMaster can be found in the LoadMaster Technical Note on Updating the LoadMaster Software.

Added: Jan 13, 2026, 3:24 PM
Updated: Jan 13, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 7.5
exploitability: 5.0
remediation: 8.3
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.