Progress Software has released important security patches for MOVEit WAF and LoadMaster products. The vulnerabilities fixed include multiple command injection flaws and Web Application Firewall (WAF) bypass issues that could lead to Remote Code Execution (RCE). One of the reported vulnerabilities is identified as CVE-2026-3517. These weaknesses may allow attackers to bypass security controls enforced by the WAF and execute arbitrary commands on the targeted system, potentially compromising the server. It is critically important for users of MOVEit WAF and LoadMaster to apply the latest patches immediately to protect their systems from exploitation. The update is part of a typical Patch Tuesday release, emphasizing the urgency and importance of timely updates in maintaining security.
Check out the original tweet here: https://twitter.com/NetSecIO/status/2046649319420309956