Kemp LoadMaster RCE Flaw Under Active Exploitation
Progress Kemp LoadMaster is experiencing active exploitation attempts targeting a critical security flaw, according to an advisory from eSentire's Threat Response Unit (TRU). The cybersecurity firm identified exploitation attempts against CVE-2026-8037, which carries a CVSS score of 9.6. This vulnerability is an operating system (OS) command injection flaw that can be exploited without prior authentication.
The flaw allows an unauthenticated attacker to execute arbitrary OS commands on affected LoadMaster devices. eSentire's TRU observed these exploitation attempts in the wild, indicating that threat actors are actively trying to compromise vulnerable systems. The advisory does not specify the date of the initial discovery or of the observed exploitation, but it highlights the immediate risk to organizations using the affected Kemp LoadMaster products.
Progress Software, the parent company of Kemp, has acknowledged the vulnerability and released security advisories detailing the affected product versions and mitigation steps. While specific details on the exploit mechanism and the extent of successful compromises were not immediately available, the active exploitation underscores the urgency for users to apply available patches or implement workarounds. Organizations are advised to review their Kemp LoadMaster configurations and ensure they are running the latest patched versions to protect against potential breaches.
Original source: The Hacker News (read the full reporting at the publisher).