Primary

Context

Progress LoadMaster OS Command Injection Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in the Progress LoadMaster API. This issue arises from improper input sanitization in the 'aclcontrol' command, allowing authenticated attackers with 'VS Administration' permissions to execute arbitrary commands on the LoadMaster appliance. The vulnerability affects Progress LoadMaster GA versions through 7.2.62.2 and LTSF versions through 7.2.54.16.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected LoadMaster appliance.

Remediation

Users are advised to upgrade to Progress LoadMaster v7.2.63.1 or Progress LoadMaster LTSF v7.2.54.17. Instructions for upgrading can be found on the Progress Community LoadMaster Download Hub.

Added: Apr 20, 2026, 2:30 PM

Updated: Apr 20, 2026, 2:30 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

7.5

exploitability

5.0

remediation

7.7

relevance

6.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

7.5

exploitability

5.0

remediation

7.7

relevance

6.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Progress LoadMaster OS Command Injection Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Progress Kemp LoadMaster

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating