Post
CRITICAL

Progress Kemp LoadMaster Pre-Auth RCE Under Active Exploitation

· rce · cve · vulnerability

eSentire’s Threat Response Unit says it has observed active exploitation attempts against CVE-2026-8037, a critical (CVSS 9.6) OS command injection flaw in Progress Kemp LoadMaster. The vulnerability is pre-authentication, meaning attackers don’t need valid credentials to attempt exploitation against exposed instances. Organizations running Kemp LoadMaster should confirm they’re on a patched build and check for signs of compromise given the active-exploitation reports.