CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-3518

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.2%

CVSS Severity

CVSS v3 Score 8.4

References

https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876

Products affected by CVE-2026-3518

Progress » Connection Manager For Objectscale » Version: Any

cpe:2.3:a:progress:connection_manager_for_objectscale:*
Progress » Ecs Connection Manager » Version: Any

cpe:2.3:a:progress:ecs_connection_manager:*
Progress » Loadmaster » Version: Any

cpe:2.3:a:progress:loadmaster:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-3518

Products

Pricing

Contact Us