The Progress Kemp LoadMaster has disclosed five high-severity vulnerabilities, including a Web Application Firewall (WAF) bypass and an OS command injection vulnerability. These security issues can potentially allow attackers to circumvent the WAF protections and execute unauthorized commands on the underlying operating system. This makes systems running Kemp LoadMaster ADCs vulnerable to serious attacks that can compromise the server's integrity and data. Users of Kemp LoadMaster are strongly advised to apply the security patch released in April 2026 to mitigate these critical vulnerabilities. Keeping the ADC software updated is essential to secure your network infrastructure against exploitation attempts. If you rely on Kemp LoadMaster in your environment, prioritize patching immediately to maintain your cybersecurity posture.
Original tweet: https://twitter.com/the_yellow_fall/status/2046411405956464735