Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw in Progress Kemp LoadMaster Could Let Hackers Take Control

A serious security weakness has been found in Progress Kemp LoadMaster devices that manage internet traffic for businesses. This flaw could allow attackers to run harmful commands without needing to log in, potentially taking full control of the device. Small organisations using these devices should act quickly to protect themselves.

30 June 2026

Reference: CVE-2026-8037

1. What is being reported?

The vulnerability involves a problem in the software of Progress Kemp LoadMaster appliances, where certain inputs are not properly checked. This allows attackers to inject commands remotely and execute them on the device without any authentication.

2. What this means in plain English

If exploited, this flaw could let hackers control your network traffic device, potentially disrupting your internet access or allowing them to access sensitive information. This poses a significant risk to the security and operation of your organisation.

3. Could this affect a small business?

Small businesses or charities using Progress Kemp LoadMaster devices to manage their internet connections could be affected. Organisations not using these devices are not at risk from this specific issue.

4. What to do now

  • Check if your organisation uses Progress Kemp LoadMaster appliances.
  • Contact your IT provider or the device supplier to confirm if your device is affected and to get the latest security updates or patches.
  • Apply any recommended software updates or patches as soon as possible.
  • Monitor your network devices for unusual activity and review access controls.

5. Ask your IT provider

Can you confirm if our Progress Kemp LoadMaster devices are affected by CVE-2026-8037, and have the necessary security patches been applied?

6. Bottom line

If you use Progress Kemp LoadMaster devices, act quickly to update them and protect your organisation from potential remote attacks.

Information based on CISA KEV, NVD, and reputable security reporting.

Back to Vulnerability Briefs