Is Loadmaster affected by EUVD-2026-23857?

CVE-2026-3518 is a command injection vulnerability in Progress LoadMaster and related products that allows authenticated administrators to execute arbitrary OS commands on the appliance, potentially compromising the entire network infrastructure these devices protect.

Loadmaster EUVD-2026-23857

| CVE-2026-3518 HIGH

Command Injection (CWE-77)

2026-04-20 ProgressSoftware

GHSA-wvwg-7g9q-g3v4

Command Injection RCE Loadmaster Ecs Connections Manager Object Scale Connection Manager Moveit Waf

8.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 19:07 vuln.today

cvss_changed

Analysis Generated

Apr 20, 2026 - 14:32 vuln.today

DescriptionNVD

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command

AnalysisAI

OS command injection in Progress LoadMaster, MOVEit WAF, ECS Connections Manager, and Object Scale Connection Manager API allows authenticated attackers with 'All' permissions to execute arbitrary commands on appliances via unsanitized input in the 'killsession' API endpoint. CVSS 8.4 (High) reflects adjacent network access vector and high privileges requirement, limiting exploitation to administrators or compromised admin accounts. …

RemediationAI

Within 24 hours: Inventory all Progress LoadMaster, ECS Connections Manager, Object Scale Connection Manager, and MOVEit WAF instances and document current versions. Within 7 days: Restrict administrative access to these appliances to only essential personnel, enforce multi-factor authentication on all admin accounts, and implement network segmentation to limit lateral movement from compromised appliances. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-23857 vulnerability details – vuln.today

Back

Loadmaster EUVD-2026-23857

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code