CVE-2026-3518

HIGH

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command

CVSS v3.1 Score

8.4

/ 10.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Information

Published: 20 avr. 2026
Updated: 1 mai 2026
Status: Analyzed
Source: security@progress.com

Affected products

progress connection manager for objectscale

Versions : 7.2.63.1

progress ecs connection manager

Versions : 7.2.63.1

progress loadmaster

Versions : 7.2.54.17, 7.2.63.1

Weaknesses (CWE)

CWE-77

References (1)

https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876
PatchVendor Advisory

Similar CVEs

Other vulnerabilities of type CWE-77

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring