PT-2026-33766 · Progress · Ecs Connections Manager+3
Published: 2026-04-20 · Updated: 2026-05-01 · CVE-2026-4048
CVSS v3.1: 8.4 (High)
Vector: AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Progress ADC Products (affected versions not specified)
Description
An OS Command Injection flaw in the user interface allows an authenticated attacker with "All" permissions to execute arbitrary commands on the LoadMaster appliance. This occurs due to unsanitized input within a custom WAF (Web Application Firewall) rule file during the file upload process.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Ecs Connections Manager
Loadmaster
Moveit Waf
Object Scale Connection Manager