CVE-2026-4048

HIGH

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process.

CVSS v3.1 Score

8.4

/ 10.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Information

Published: 20 avr. 2026
Updated: 1 mai 2026
Status: Analyzed
Source: security@progress.com

Affected products

progress connection manager for objectscale

Versions : 7.2.63.1

progress ecs connection manager

Versions : 7.2.63.1

progress loadmaster

Versions : 7.2.54.17, 7.2.63.1

Weaknesses (CWE)

CWE-77

References (1)

https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876
Vendor AdvisoryPatch

Similar CVEs

Other vulnerabilities of type CWE-77

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring