Progress LoadMaster CVE-2026-8037 patch release
Security Patch Release
Summary
Hide ▲
Show ▼
Progress published fixed LoadMaster versions for CVE-2026-8037, closing a pre-auth root command execution path on appliances with the API enabled. Administrators running GA v7.2.63.1 and older or LTSF v7.2.54.17 and older need to move to GA v7.2.63.2 or LTSF v7.2.54.18.
Related Happenings
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch Release
H score34
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch ReleaseAbout this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
H score32
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch ReleaseAbout this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Progress Software security patch release for CVE-2026-4670
Security Patch Release
H score44
First: 04.05.2026 19:34
Last: 04.05.2026 19:34
Sources 1
About this happening:
**Progress Software** has released **MOVEit Automation** updates to fix **CVE-2026-4670** and **CVE-2026-5174**, including a **critical authentication bypass** that could expose e...
Progress Software security patch release for CVE-2026-4670
Security Patch ReleaseAbout this happening: **Progress Software** has released **MOVEit Automation** updates to fix **CVE-2026-4670** and **CVE-2026-5174**, including a **critical authentication bypass** that could expose e...
Linux distributions mitigation advisories for CVE-2026-31431
Advisory/Mitigation
H score39
First: 30.04.2026 12:24
Last: 30.04.2026 12:24
Sources 1
About this happening:
Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...
Linux distributions mitigation advisories for CVE-2026-31431
Advisory/MitigationAbout this happening: Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...
Timeline
-
30.06.2026 10:38 1 articles · 4h ago
TrendAI Research reports LoadMaster CVE-2026-8037 to Progress through ZDI
Initial DisclosureSyed Ibrahim Ahmed of TrendAI Research reported CVE-2026-8037 to Progress through the Zero Day Initiative after identifying a critical LoadMaster API flaw that lets an unauthenticated attacker execute root commands through a crafted request.
Show sources
- Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth — thehackernews.com — 30.06.2026 10:38
-
30.06.2026 10:38 2 articles · 4h ago
Progress publishes LoadMaster advisory and fixed versions for CVE-2026-8037
Mitigation Patch UpdateProgress published its advisory for CVE-2026-8037, said it had not received exploitation reports, and released fixed LoadMaster versions GA v7.2.63.2 and LTSF v7.2.54.18 for API-enabled appliances.
Show sources
- Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth — thehackernews.com — 30.06.2026 10:38
- Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth — thehackernews.com — 30.06.2026 10:38
-
30.06.2026 10:38 1 articles · 4h ago
ZDI coordinates the public advisory release for LoadMaster CVE-2026-8037
Initial DisclosureZero Day Initiative coordinated the public advisory release for CVE-2026-8037, making the LoadMaster flaw publicly visible after Progress had already issued the vendor advisory and fixed versions.
Show sources
- Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth — thehackernews.com — 30.06.2026 10:38
-
30.06.2026 10:38 1 articles · 4h ago
watchTowr Labs publishes LoadMaster exploit-chain analysis and working proof of concept
Technical Analysis UpdatewatchTowr Labs published a detailed technical breakdown of the LoadMaster exploit chain and a working proof of concept for CVE-2026-8037, showing how crafted API requests can reach root command execution.
Show sources
- Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth — thehackernews.com — 30.06.2026 10:38
-
30.06.2026 10:38 1 articles · 4h ago
Public coverage urges immediate LoadMaster updates for CVE-2026-8037
Untyped PhasePublic coverage on June 30 described CVE-2026-8037 as a critical LoadMaster API flaw, noted that Progress has not received exploitation reports, and reiterated that administrators should move to GA v7.2.63.2 or LTSF v7.2.54.18 immediately.
Show sources
- Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth — thehackernews.com — 30.06.2026 10:38