Vendor scorecard
Progress (Kemp LoadMaster)
Progress (Kemp LoadMaster) security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: progress, kemptechnologies
Product families
1
Open in latest
4
Inferred — see methodology
Last disclosure
Apr 20, 2026
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| LoadMasterApplication Delivery / ADCloadmaster, loadmaster_operating_system | 6 | 4 | 7.2.41.2MED |
02
Recent CVEs
6 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-4048(opens NVD record) | High | 8.4 | OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process. | Apr 20, 2026 |
| CVE-2026-3519(opens NVD record) | High | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command | Apr 20, 2026 |
| CVE-2026-3518(opens NVD record) | High | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command | Apr 20, 2026 |
| CVE-2026-3517(opens NVD record) | High | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command | Apr 20, 2026 |
| CVE-2025-13447(opens NVD record) | High | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | Jan 13, 2026 |
| CVE-2025-13444(opens NVD record) | High | 8.4 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | Jan 13, 2026 |
6 CVEs · 1 product families