CVE-2026-3519

HIGH

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command

Score CVSS v3.1

8.4

/ 10.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Informations

Publié: 20 avr. 2026
Mis à jour: 1 mai 2026
Statut: Analyzed
Source: security@progress.com

Produits affectés

progress connection manager for objectscale

Versions : 7.2.63.1

progress ecs connection manager

Versions : 7.2.63.1

progress loadmaster

Versions : 7.2.54.17, 7.2.63.1

Faiblesses (CWE)

CWE-77

Références (1)

https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876
PatchVendor Advisory

CVEs similaires

Autres vulnérabilités de type CWE-77

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance