HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Remote Code Execution in Kemp LoadMaster (CVE-2026-3517) Threatens Load‑Balancing Services

Progress Software disclosed a critical command‑injection flaw (CVE‑2026‑3517) in Kemp LoadMaster that allows authenticated attackers to execute arbitrary code. The vulnerability scores 8.8 on CVSS and can disrupt load‑balancing operations across multiple industries, posing a significant third‑party risk.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
zerodayinitiative.com

Critical Remote Code Execution in Kemp LoadMaster (CVE‑2026‑3517) Threatens Load‑Balancing Services

What It Is — Progress Software’s Kemp LoadMaster appliance contains a command‑injection flaw in the addcountry (customLocation) parameter that permits an authenticated remote attacker to execute arbitrary system commands.

Exploitability — The vulnerability (CVSS 8.8, AV:N/AC:L/PR:L/UI:N) is actively exploitable; proof‑of‑concept code has been shared publicly. Authentication is required, but once valid credentials are obtained the attacker can gain full code execution on the appliance.

Affected Products — Kemp LoadMaster (all versions prior to the 7.2.63‑1 security update).

TPRM Impact

  • Load balancers sit at the front‑line of many SaaS, e‑commerce, and cloud‑hosted services; compromise can cascade to downstream applications.
  • A breached LoadMaster can be leveraged to pivot into internal networks, exposing customer data and disrupting critical business continuity.

Recommended Actions

  • Deploy the vendor‑provided patch (LoadMaster 7.2.63‑1 or later) immediately.
  • Enforce strong, unique credentials for appliance administration; rotate any passwords that may have been used before patching.
  • Restrict management‑plane access to trusted IP ranges and enable multi‑factor authentication where supported.
  • Conduct a post‑patch validation scan to confirm the vulnerability is mitigated.
  • Review network segmentation to ensure a compromised load balancer cannot directly reach sensitive back‑end systems.

Source: Zero Day Initiative advisory

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-319/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →