GCVE - cpe:2.3:a:progress_software:loadmaster:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:progress_software:loadmaster:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Progress Software (`96c4320b-2c72-5331-bd5a-d39d72393793`)
Product	Loadmaster (`9e76e6b5-9965-5a64-8791-1e488a30da8d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-4048`	vulnerable	2026-06-03 15:26:24.250300	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process. Published: 2026-04-20T13:36:49.475Z Updated: 2026-04-22T03:55:54.495Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3519`	vulnerable	2026-06-03 15:23:32.854996	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command Published: 2026-04-20T13:32:50.259Z Updated: 2026-04-22T03:55:53.355Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3518`	vulnerable	2026-06-03 15:23:32.854156	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command Published: 2026-04-20T13:29:33.794Z Updated: 2026-04-22T03:55:52.242Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3517`	vulnerable	2026-06-03 15:23:32.840734	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command Published: 2026-04-20T13:22:54.867Z Updated: 2026-04-22T03:55:51.123Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13447`	vulnerable	2026-06-03 14:58:46.088708	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters Published: 2026-01-13T14:31:56.911Z Updated: 2026-02-26T15:04:45.811Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13444`	vulnerable	2026-06-03 14:58:46.076929	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters Published: 2026-01-13T14:26:50.661Z Updated: 2026-02-26T15:04:46.116Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-2449`	vulnerable	2026-06-03 14:55:29.274293	LoadMaster Cross-Site Request Forgery (CSRF) HIGH (7.5) A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator. Published: 2024-03-22T13:35:39.103Z Updated: 2024-08-12T19:23:36.632Z Open on db.gcve.eu Reference links https://progress.com/loadmaster https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-2448`	vulnerable	2026-06-03 14:55:29.267423	LoadMaster Command Injection Vulnerability HIGH (8.4) An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. Published: 2024-03-22T13:32:43.657Z Updated: 2024-11-15T20:05:31.723Z Open on db.gcve.eu Reference links https://progress.com/loadmaster https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1212`	vulnerable	2026-06-03 14:54:26.471570	LoadMaster Pre-Authenticated OS Command Injection CRITICAL (10) Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. Published: 2024-02-21T17:39:12.599Z Updated: 2025-10-21T23:05:23.864Z Open on db.gcve.eu Reference links https://kemptechnologies.com/ https://freeloadbalancer.com/ https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.