Is Loadmaster affected by EUVD-2026-23856?

CVE-2026-3517 is a high-severity command injection vulnerability in Progress LoadMaster and related ADC products that allows authenticated administrators with specific geo-admin permissions to execute arbitrary system commands, potentially leading to complete compromise of the appliance.

Loadmaster EUVD-2026-23856

| CVE-2026-3517 HIGH

Command Injection (CWE-77)

2026-04-20 ProgressSoftware

GHSA-rw4j-jhfh-fr2h

Command Injection RCE Loadmaster Ecs Connections Manager Object Scale Connection Manager Moveit Waf

8.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 19:07 vuln.today

cvss_changed

Analysis Generated

Apr 20, 2026 - 14:32 vuln.today

DescriptionNVD

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command

AnalysisAI

Command injection in Progress LoadMaster and related ADC products allows authenticated attackers with Geo Administration permissions to execute arbitrary OS commands on appliances via the unsanitized 'addcountry' API parameter. Affects LoadMaster, ECS Connections Manager, MOVEit WAF, and Object Scale Connection Manager versions prior to 7.2.63.0. …

RemediationAI

Within 24 hours: Identify and inventory all Progress LoadMaster and related ADC product deployments; audit and restrict 'Geo Administration' role assignments to only essential personnel with formal justification. Within 7 days: Implement network-level access controls limiting LoadMaster API exposure to trusted administrative networks only; disable or isolate the 'addcountry' API endpoint if operationally feasible; enable API request logging and alerting. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-23856 vulnerability details – vuln.today

Back

Loadmaster EUVD-2026-23856

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code