Critical Progress Kemp LoadMaster Flaw Under Active Exploitation: Unauthenticated RCE Risk
A severe operating system command injection vulnerability in **Progress Kemp LoadMaster** (CVE-2026-8037) is now being actively exploited, posing a significant risk of unauthenticated remote code execution. Cybersecurity firm **eSentire** reports observing exploitation attempts targeting the flaw, which carries a CVSS score of 9.6.

A recently disclosed critical security flaw impacting **Progress Kemp LoadMaster** is seeing active exploitation attempts, according to an advisory from **eSentire**'s Threat Response Unit (**TRU**).
The Canadian cybersecurity company said it identified exploitation attempts targeting **CVE-2026-8037** (CVSS score: 9.6), an operating system (OS) command injection flaw that could be exploited to achieve arbitrary code execution on susceptible devices. The exploitation activity commenced on June 29, 2026.
### The Vulnerability Explained
**Progress** detailed the flaw in an advisory released early last month: "OS Command Injection Remote Code Execution Vulnerability in API in **Progress LoadMaster** allows an unauthenticated attacker with permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input."
An analysis by **watchTowr Labs** described the flaw as rooted in a function named "escape_quotes()" within the load balancer application, stemming from improper handling of user-supplied input. The function failed to properly null-terminate sanitized strings, leading to an out-of-bounds read into adjacent heap memory.
Attackers can weaponize this loophole by issuing specially crafted requests to the "/accessv2" endpoint, manipulating heap memory to enable command injection. The impact is severe, allowing an unauthenticated attacker to run arbitrary commands on the affected appliance without valid credentials.
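
The bug class described above (an escaping routine that omits the terminating NUL), shown beside a hardened form. This is an added illustration, not code from Progress, watchTowr Labs or the LoadMaster firmware; the function names, the backslash-escaping rule and the sample buffer are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical escaper (NOT the LoadMaster code): backslash-escapes single
 * quotes. Bug: the output is never NUL-terminated, so later string functions
 * keep reading whatever bytes already follow it in memory. */
static size_t escape_unterminated(const char *in, char *out, size_t cap) {
    size_t n = 0;
    for (; *in && n + 2 <= cap; in++) {
        if (*in == '\'') out[n++] = '\\';
        out[n++] = *in;
    }
    return n;                               /* missing: out[n] = '\0' */
}

/* Hardened: reserves room for the terminator, always writes it, and reports
 * truncation so the caller can reject the request instead of using it. */
static int escape_terminated(const char *in, char *out, size_t cap, size_t *len) {
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 2 : 1;
        if (n + need >= cap) { out[n] = '\0'; return -1; }
        if (*in == '\'') out[n++] = '\\';
        out[n++] = *in;
    }
    out[n] = '\0';
    *len = n;
    return 0;
}

/* Constructed demo: `chunk` stands in for a reused heap allocation that still
 * holds stale bytes. Returns strlen() of the escaped result. */
static size_t demo(int hardened) {
    char chunk[32];
    size_t len = 0;
    memset(chunk, 'S', sizeof chunk - 1);   /* stale data from an earlier use */
    chunk[sizeof chunk - 1] = '\0';         /* keeps the demo itself in bounds */
    if (hardened) escape_terminated("it's", chunk, sizeof chunk, &len);
    else          escape_unterminated("it's", chunk, sizeof chunk);
    return strlen(chunk);
}

int main(void) {
    printf("unterminated: strlen=%zu\n", demo(0)); /* stale bytes included */
    printf("terminated:   strlen=%zu\n", demo(1)); /* escaped input only */
    return 0;
}
```

In the unterminated case the five escaped bytes are followed by the buffer's previous contents, which any later consumer of the string treats as part of the sanitized value.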
### Observed Exploitation Attempts
**eSentire** noted that the exploitation attempts it observed were unsuccessful, so no post-compromise activity took place. However, the availability of a proof-of-concept (PoC) exploit and detailed technical specifics is expected to drive increased malicious activity against **CVE-2026-8037** in the immediate future.
Attack attempts have been observed originating from the following IP addresses:
* 192.42.116[.]58
* 192.42.116[.]105
* 146.70.139[.]154
**CVE-2026-8037** is the second **Progress Kemp LoadMaster** flaw to see active exploitation attempts, following **CVE-2024-1212** (CVSS score: 10.0), another critical OS command injection vulnerability that could be abused for arbitrary system command execution.