Progress LoadMaster OS Command Injection Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Progress LoadMaster API. This issue arises from improper input sanitization in the 'killsession' command, allowing authenticated attackers with 'All' permissions to execute arbitrary commands on the LoadMaster appliance. The vulnerability affects Progress LoadMaster GA versions through 7.2.62.2 and LTSF versions through 7.2.54.16.

Impact

Exploitation of this vulnerability allows authenticated attackers to execute arbitrary commands on the LoadMaster appliance.

Remediation

Progress LoadMaster has released a patch for this vulnerability in version 7.2.63.1 for the GA channel and 7.2.54.17 for the LTSF channel. Instructions for upgrading are available on the Progress Community LoadMaster Download Hub.
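To triage a fleet against the version ranges above, the following added example (not Progress code and not part of the original advisory) classifies each appliance in an inventory as affected, patched or unknown. The CSV layout, the hostnames and the requirement that the release channel is recorded per host are assumptions of this sketch.

```python
import csv
import io

# Last affected build per release channel, taken from the advisory text.
LAST_AFFECTED = {"GA": (7, 2, 62, 2), "LTSF": (7, 2, 54, 16)}
# First fixed build per channel, also from the advisory text.
FIRST_FIXED = {"GA": "7.2.63.1", "LTSF": "7.2.54.17"}

def parse_version(text):
    """Turn '7.2.62.2' into (7, 2, 62, 2); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(channel, version):
    """Return 'affected', 'patched' or 'unknown' for one appliance."""
    channel = channel.strip().upper()
    if channel not in LAST_AFFECTED:
        return "unknown"  # never report an unrecognised channel as safe
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable build string needs a manual check
    return "affected" if parsed <= LAST_AFFECTED[channel] else "patched"

def triage_inventory(csv_text):
    """Map each host in a host,channel,version CSV to (status, upgrade target)."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = triage(row["channel"], row["version"])
        target = FIRST_FIXED[row["channel"].strip().upper()] if status == "affected" else None
        results[row["host"]] = (status, target)
    return results

# Constructed sample inventory (hostnames and layout are hypothetical).
SAMPLE = """host,channel,version
lm-edge-01,GA,7.2.62.2
lm-edge-02,GA,7.2.63.1
lm-core-01,LTSF,7.2.54.16
lm-core-02,ltsf,7.2.54.17
lm-lab-01,GA,7.2.9.0
lm-lab-02,GA,unknown-build
"""

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}" + (f" -> upgrade to {target}" if target else ""))
```

Versions are compared as integer tuples, so a build such as 7.2.9.0 is correctly treated as older than 7.2.62.2, which a plain string comparison would get wrong.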

Added: Apr 20, 2026, 2:34 PM
Updated: Apr 20, 2026, 2:34 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 7.5
exploitability: 5.0
remediation: 7.7
relevance: 6.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.