PT-2026-33761 · Progress · Adc Loadmaster

Michael Argany

Published

2026-04-20

Updated

2026-05-21

CVE-2026-3517

CVSS v3.1

8.4

High

Vector

AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Progress ADC LoadMaster (affected versions not specified)

Description An OS command injection flaw in the API allows an authenticated attacker with Geo Administration permissions to execute arbitrary commands on the appliance. This is possible due to unsanitized input in the 'addcountry' command.

Recommendations Update to the latest version. As a temporary workaround, restrict access to the 'addcountry' command to minimize the risk of exploitation.

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2026-3517

ZDI-26-319

Affected Products

Adc Loadmaster

PT-2026-33761 · Progress · Adc Loadmaster

CVE-2026-3517

Weakness Enumeration

Related Identifiers

Affected Products

References · 9