Home
CRITICAL: 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HDefault status
unaffected
V7.2.60.0 (custom) before V7.2.63.2
affected
V7.2.45.12 (custom) before V7.2.54.18
affected
Default status
unaffected
V7.2.60.0 (custom) before V7.2.63.2
affected
Default status
unaffected
V7.2.60.0 (custom) before V7.2.63.2
affected
Default status
unaffected
V7.2.60.0 (custom) before V7.2.63.2
affected
Description
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints
Problem types
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Product status
V7.2.60.0 (custom) before V7.2.63.2
V7.2.45.12 (custom) before V7.2.54.18
V7.2.60.0 (custom) before V7.2.63.2
V7.2.60.0 (custom) before V7.2.63.2
V7.2.60.0 (custom) before V7.2.63.2
Credits
Jacky Yang and Syed Ibrahim Ahmed of TrendAI Research
References
community.progress.com/...-2026-CVE-2026-8037-CVE-2026-33691