Progress LoadMaster OS Command Injection Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Progress LoadMaster API. This issue allows authenticated attackers with 'Geo Administration' permissions to execute arbitrary commands on the LoadMaster appliance. The vulnerability arises from unsanitized input in the 'addcountry' command, which can be exploited by manipulating the command's data. This vulnerability affects Progress LoadMaster GA versions through 7.2.62.2 and LTSF versions through 7.2.54.16.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected LoadMaster appliance.

Remediation

Progress has developed a patch for this vulnerability, which will be distributed to customers on April 20, 2026. Customers on a current maintenance agreement can access the upgrade through the Progress Community LoadMaster Download Hub. Those not on a maintenance agreement should contact a Progress Sales Representative or their respective Partner.
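To find which appliances still need the upgrade, the affected version ranges given under Vulnerability can be checked against a fleet inventory. This is an added example, not Progress code; the inventory layout, the host names and the use of "GA"/"LTSF" as an input field are assumptions.

```python
import re

# Highest affected build per release branch, as stated in the advisory.
AFFECTED_THROUGH = {
    "GA": (7, 2, 62, 2),
    "LTSF": (7, 2, 54, 16),
}

_VERSION_RE = re.compile(r"^[0-9]+(\.[0-9]+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not N.N.N.N."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(branch, version_text):
    """Return 'affected', 'not-in-range' or 'review' for one appliance."""
    ceiling = AFFECTED_THROUGH.get(branch.strip().upper())
    version = parse_version(version_text)
    if ceiling is None or version is None:
        return "review"  # unknown branch or unparseable version: check by hand
    # Tuple comparison is numeric per field, so 7.2.54.9 sorts below
    # 7.2.54.16 (a plain string comparison would get this wrong).
    return "affected" if version <= ceiling else "not-in-range"


def triage(inventory):
    """Map each host in (host, branch, version) rows to its classification."""
    return {host: classify(branch, version) for host, branch, version in inventory}


# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("lm-edge-01", "GA", "7.2.62.2"),
    ("lm-edge-02", "GA", "7.2.62.3"),
    ("lm-core-01", "LTSF", "7.2.54.16"),
    ("lm-core-02", "ltsf", "7.2.54.9"),
    ("lm-lab-01", "GA", "7.2.61"),
    ("lm-lab-02", "beta", "7.2.60.0"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The advisory does not state a fixed version number, so "not-in-range" only means the build is above the stated affected range for its branch.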

Added: Apr 20, 2026, 2:32 PM
Updated: Apr 20, 2026, 2:32 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 7.5
exploitability: 5.0
remediation: 7.7
relevance: 6.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.