Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

A CVSS 9.5 unauthenticated remote code execution vulnerability in Progress Kemp LoadMaster, tracked as CVE-2026-8037, allows an attacker with network access to the management interface to execute arbitrary commands as root without any credentials. A public proof-of-concept was published by watchTowr Labs on June 29, 2026, materially narrowing the window before exploitation attempts are likely. Organizations running LoadMaster GA v7.2.63.1 or older, or LTSF v7.2.54.17 or older, should treat patching as an emergency action. A co-disclosed vulnerability, CVE-2026-33691, is also addressed in the same patch. The predecessor vulnerability on this same product, CVE-2024-1212 (CVSS 10.0), experienced confirmed in-the-wild exploitation and CISA KEV listing.

Author

Tech Jacks Solutions