OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints
Published: 2026-06-04
Updated: 2026-07-01
Base Score: 8.3
Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C
Severity: High
Base Score: 9.6
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: Critical
EPSS: 0.29641
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability Being Monitored