Last updated: July 5, 2026 at 9:01 AM UTC
Tag: api (2 articles)

Critical Kemp LoadMaster flaw gives unauthenticated attackers root on edge appliances

A critical flaw in Progress Kemp LoadMaster lets an unauthenticated attacker run commands as root on the appliance by sending a crafted request to its API. Rated 9.8, the bug (CVE-2026-8037) sits in a function meant to sanitize input before it reaches a shell command, and LoadMaster's position as an edge load balancer and application delivery controller makes a pre-authentication flaw especially dangerous, since it can turn a protective choke point into a direct foothold. Progress patched it in early June, and researchers at watchTowr published a full technical write-up with a working proof-of-concept on June 29. No exploitation has been reported yet, but Progress also makes MOVEit, a past mass-exploitation target.

Check
Identify Progress Kemp LoadMaster appliances with the API enabled, confirm their versions, and determine whether the management API is reachable from untrusted networks or the internet, since that reachability is the exposure this flaw needs.
Affected
Kemp LoadMaster GA 7.2.63.1 and earlier and LTSF 7.2.54.17 and earlier with the API enabled (CVE-2026-8037); an unauthenticated attacker who can reach the API gains root on an edge device.
Fix
Update to LoadMaster GA 7.2.63.2 or LTSF 7.2.54.18, and question whether the management API needs to be reachable at all, restricting it to trusted management networks or disabling it where unused.
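One way to turn the Check, Affected and Fix items above into a repeatable inventory triage. This is an added example, not code from the article or from Progress; the inventory rows are constructed, the fixed builds come from the text above, and it assumes your inventory records each appliance's branch (GA or LTSF), whether the API is enabled, and whether it is reachable from untrusted networks.

```python
# Added example: classify LoadMaster appliances against the fixed builds named
# in the advisory (GA 7.2.63.2, LTSF 7.2.54.18). Inventory data is constructed.
from dataclasses import dataclass

FIXED = {"GA": (7, 2, 63, 2), "LTSF": (7, 2, 54, 18)}


def parse_version(text):
    """Turn '7.2.63.1' into a tuple of ints so that 7.2.63.10 sorts after
    7.2.63.9 (a plain string comparison would get this wrong)."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised LoadMaster version: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass
class Appliance:
    name: str
    branch: str        # "GA" or "LTSF" (assumed to be recorded in inventory)
    version: str
    api_enabled: bool
    api_exposed: bool  # management API reachable from untrusted networks


def assess(appliance):
    """Return (status, reason). The flaw needs an unpatched build AND the API
    enabled; reachability from untrusted networks raises it to 'urgent'."""
    fixed = FIXED.get(appliance.branch)
    if fixed is None:
        return ("unknown", f"unrecognised branch {appliance.branch!r}")
    if parse_version(appliance.version) >= fixed:
        return ("patched", "running a fixed build")
    if not appliance.api_enabled:
        return ("mitigated", "unpatched, API disabled; still schedule the update")
    if appliance.api_exposed:
        return ("urgent", "unpatched, API enabled and reachable from untrusted networks")
    return ("vulnerable", "unpatched, API enabled, limited to management networks")


def triage(inventory):
    """Map appliance name to its (status, reason) for reporting."""
    return {a.name: assess(a) for a in inventory}


if __name__ == "__main__":
    sample = [  # constructed inventory
        Appliance("edge-lb-1", "GA", "7.2.63.1", True, True),
        Appliance("edge-lb-2", "LTSF", "7.2.54.18", True, False),
        Appliance("lab-lb-3", "LTSF", "7.2.54.17", False, False),
    ]
    for name, (status, reason) in triage(sample).items():
        print(f"{name}: {status} ({reason})")
```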

ServiceNow API flaw let attackers query customer instance data

ServiceNow has quietly told affected customers that attackers exploited an unauthenticated flaw in one of its API endpoints to pull data from hosted customer instances. The company applied a fix to hosted instances on June 5 that restricts the endpoint to authenticated users, and confirmed attackers had successfully queried customer instance tables, though it did not say what data was taken. ServiceNow instances routinely hold sensitive material such as IT support tickets, employee records, asset inventories, and internal documentation, and support tickets in particular often contain credentials, API tokens, and secrets shared during troubleshooting. ServiceNow has opened support cases with the customers it believes were impacted.

Check
Check your ServiceNow support portal for a case opened by ServiceNow about this incident, and review instance access and API logs for unexpected unauthenticated queries made before the June 5 fix.
Affected
Organizations running hosted ServiceNow instances whose data could be reached through the vulnerable unauthenticated API endpoint before the June 5 fix, especially those storing secrets in support tickets.
Fix
Confirm the June 5 fix applied to your instance, rotate any credentials, API tokens, or secrets that appeared in support tickets, and tighten access controls and logging on the instance.