Critical RCE Flaw in Progress ADC LoadMaster Appliances

The National Vulnerability Database has detailed CVE-2026-3518, a high-severity OS command injection vulnerability impacting Progress ADC Products’ LoadMaster appliances. This flaw, rated CVSS 8.4, allows an authenticated attacker with ‘All’ permissions to execute arbitrary commands remotely. The exploit targets unsanitized input within the ‘killsession’ command, enabling a complete takeover of the affected device.

This vulnerability (CWE-77) requires prior authentication and elevated privileges, which suggests a sophisticated attacker or an insider threat. It remains concerning because exploitation is easy once authenticated: compromised credentials or privilege escalation on the appliance could lead to devastating remote code execution. Defenders must prioritize patching and review access controls for LoadMaster administrative interfaces.

What This Means For You

  • If your organization utilizes Progress ADC LoadMaster appliances, immediately verify that CVE-2026-3518 is patched. Review administrative access logs for any suspicious 'killsession' command executions or unauthorized authentication events.
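
One way to run the log review suggested above, as an added example that is not from NVD, Progress or the original post: it scans access-log lines for 'killsession' requests whose parameter values contain shell metacharacters after percent-decoding. The log layout, the `/access/killsession` path, the `sessid` parameter name and the sample lines are constructed assumptions; adapt them to what your appliance actually logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed log layout (combined-style); not taken from the advisory.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Characters a shell treats as separators, substitution or redirection.
SHELL_META = re.compile(r'[;&|`$<>\n\r\\(){}]')

# Constructed sample lines; path, parameter name and user are hypothetical.
SAMPLE = [
    '192.0.2.10 - opsadmin [20/Apr/2026:17:20:01 +0000] "GET /access/killsession?sessid=4f2a9c HTTP/1.1" 200',
    '192.0.2.77 - opsadmin [20/Apr/2026:17:21:44 +0000] "GET /access/killsession?sessid=4f2a9c%3Bexample HTTP/1.1" 200',
    '192.0.2.77 - opsadmin [20/Apr/2026:17:22:03 +0000] "GET /access/killsession?sessid=4f2a9c%2560example%2560 HTTP/1.1" 200',
    '192.0.2.10 - opsadmin [20/Apr/2026:17:23:10 +0000] "GET /access/listvs HTTP/1.1" 200',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_killsession(lines):
    """Return (ip, user, timestamp, parameter, decoded value) for every
    killsession request whose parameters contain shell metacharacters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, triage separately
        url = urlsplit(m["target"])
        if "killsession" not in url.path.lower():
            continue
        # parse_qsl decodes once; fully_decode handles further encoding layers
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if SHELL_META.search(value):
                hits.append((m["ip"], m["user"], m["ts"], name, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_killsession(SAMPLE):
        print("REVIEW:", hit)
```

Each hit gives the source address, account and timestamp to correlate with authentication events for the same administrative user.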

🛡️ Detection Rules

critical T1190 Initial Access

CVE-2026-3518: Progress ADC LoadMaster Unsanitized Input in 'killsession' API

Indicators of Compromise

ID | Type | Indicator
CVE-2026-3518 | RCE | Progress ADC Products
CVE-2026-3518 | Command Injection | API in Progress ADC Products
CVE-2026-3518 | Command Injection | unsanitized input in the 'killsession' command

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 20, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
