Last updated: July 5, 2026 at 9:01 AM UTC
Tag: progress (2 articles)

Critical Kemp LoadMaster flaw gives unauthenticated attackers root on edge appliances

A critical flaw in Progress Kemp LoadMaster lets an unauthenticated attacker run commands as root on the appliance by sending a crafted request to its API. Rated 9.8, the bug (CVE-2026-8037) sits in a function meant to sanitize input before it reaches a shell command, and LoadMaster's position as an edge load balancer and application delivery controller makes a pre-authentication flaw especially dangerous, since it can turn a protective choke point into a direct foothold. Progress patched it in early June, and researchers at watchTowr published a full technical write-up with a working proof-of-concept on June 29. No exploitation has been reported yet, but Progress also makes MOVEit, a past mass-exploitation target.

Check
Identify Progress Kemp LoadMaster appliances with the API enabled, confirm their versions, and determine whether the management API is reachable from untrusted networks or the internet, which is the exposure this flaw requires.
Affected
Kemp LoadMaster GA 7.2.63.1 and earlier, and LTSF 7.2.54.17 and earlier, with the API enabled (CVE-2026-8037); an unauthenticated attacker who can reach the API gains root on an edge device.
Fix
Update to LoadMaster GA 7.2.63.2 or LTSF 7.2.54.18, and question whether the management API needs to be reachable at all, restricting it to trusted management networks or disabling it where unused.

Progress ShareFile pre-auth RCE chain disclosed - 30,000 instances exposed, ransomware gangs watching (CVE-2026-2699, CVE-2026-2701)

Two flaws in Progress ShareFile's Storage Zones Controller can be chained for unauthenticated remote code execution - no credentials needed. An attacker first bypasses authentication via improper HTTP redirect handling, then uploads a malicious webshell through the file upload function. watchTowr published full technical details and a proof-of-concept. Around 30,000 instances are exposed online. File transfer solutions are a favorite ransomware target - Clop hit Accellion, GoAnywhere, MOVEit, and Cleo the same way.

Check
Check whether you run Progress ShareFile with a customer-managed Storage Zones Controller on the 5.x branch.
Affected
ShareFile Storage Zones Controller 5.x versions prior to 5.12.4. Cloud-only ShareFile deployments are not affected.
Fix
Update to ShareFile Storage Zones Controller 5.12.4 or later (released March 10). Audit web server logs for requests to /ConfigService/Admin.aspx. Check the webroot for unexpected ASPX files that could indicate existing compromise.
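A defender-side script for the two audit steps above, added here as an example and not taken from the advisory or from Progress: it flags W3C-format web server log entries whose URI stem is /ConfigService/Admin.aspx and lists .aspx files under a webroot that are absent from a known-good inventory. The log field order, the sample log lines, the sample file listing and the baseline inventory are all assumptions or constructed data.

```python
from pathlib import Path

# Path the advisory tells defenders to audit for in web server logs.
SUSPECT_PATH = "/ConfigService/Admin.aspx"

# Constructed sample in W3C extended log format (the field order below is an assumption).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2026-03-12 08:01:10 203.0.113.7 GET /ConfigService/Admin.aspx - 302
2026-03-12 08:01:11 203.0.113.7 POST /ConfigService/Admin.aspx - 200
2026-03-12 08:02:00 198.51.100.3 GET /Login.aspx - 200
"""

def admin_requests(log_text, suspect_path=SUSPECT_PATH):
    """Return (client ip, method, status) for each request whose URI stem is the suspect path."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C directives such as #Fields
        fields = line.split()
        if len(fields) < 7:
            continue  # not an entry in the assumed field layout
        ip, method, stem, status = fields[2], fields[3], fields[4], fields[6]
        if stem.lower() == suspect_path.lower():
            hits.append((ip, method, status))
    return hits

def unexpected_aspx(relative_paths, baseline):
    """Return .aspx paths (compared case-insensitively) that are not in the known-good inventory."""
    known = {p.lower().replace("\\", "/") for p in baseline}
    return sorted(
        p for p in relative_paths
        if p.lower().endswith(".aspx") and p.lower().replace("\\", "/") not in known
    )

def files_under(webroot):
    """Walk a webroot directory and yield every file path relative to it (POSIX separators)."""
    root = Path(webroot)
    for path in root.rglob("*"):
        if path.is_file():
            yield path.relative_to(root).as_posix()

# Hypothetical known-good inventory; build the real one from a clean install of the same version.
BASELINE = ["Login.aspx", "ConfigService/Admin.aspx", "Upload.aspx"]

if __name__ == "__main__":
    for ip, method, status in admin_requests(SAMPLE_LOG):
        print(f"request to {SUSPECT_PATH} from {ip}: {method} -> {status}")
    # Constructed listing standing in for files_under("/path/to/webroot").
    sample_files = ["Login.aspx", "ConfigService/Admin.aspx", "uploads/x7g.aspx", "web.config"]
    for path in unexpected_aspx(sample_files, BASELINE):
        print("unexpected ASPX file:", path)
```

Any hit from the first check or any path from the second is a lead to investigate, not proof of compromise on its own.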