EUVD-2026-23859
GHSA-pwx9-99jm-fx95
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process.
AnalysisAI
OS command injection in Progress LoadMaster and related ADC products allows authenticated administrators with 'All' permissions to execute arbitrary commands via malicious WAF rule file uploads. The attacker exploits unsanitized input during the file upload process in the web UI. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Audit and enforce principle of least privilege-restrict 'All' administrative permissions to only essential personnel and implement role-based access controls segregating WAF rule management from system configuration. Within 7 days: Implement application-layer monitoring and logging of all WAF rule file uploads with alerting for suspicious patterns; disable direct file upload capabilities if alternative rule deployment methods exist. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today