Security · 2h ago
Active Exploitation of Critical Kemp LoadMaster Flaw Confirmed
A critical OS command injection vulnerability (CVE-2026-8037, CVSS 9.6) in Progress Kemp LoadMaster is being actively exploited. eSentire's Threat Response Unit detected exploitation attempts targeting the pre-authentication remote code execution flaw. Organizations using LoadMaster should apply patches immediately to prevent compromise.
Meridian48 take
The high CVSS score and active exploitation underscore the urgency, but the real story is how quickly attackers weaponize disclosed flaws before many organizations patch.
Read the full reporting
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts →
The Hacker News
kemp-loadmastercommand-injection