What is CVE-2026-8037?

CVE-2026-8037 is a critical-severity vulnerability in Progress Software Ecs Connections Manager, classified under Command Injection. CVSS score: 9.6/10. Published 2026-06-04.

How severe is CVE-2026-8037?

Critical severity. CVSS v3 base score is 9.6 out of 10.

RCE in Progress Software Ecs Connections Manager

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endp…

Vulnerability class: Command Injection (OS Command Injection)

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Progress Software Ecs Connections Manager — versions V7.2.60.0
Progress Software Loadmaster — versions V7.2.60.0, V7.2.45.12
Progress Software Moveit Waf — versions V7.2.60.0
Progress Software Object Scale Connection Manager — versions V7.2.60.0

Weakness classification (CWE)

CWE-77 — Command Injection

References

security@progress.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-8037?: CVE-2026-8037 is a critical-severity vulnerability in Progress Software Ecs Connections Manager, classified under Command Injection. CVSS score: 9.6/10. Published 2026-06-04.
How severe is CVE-2026-8037?: Critical severity. CVSS v3 base score is 9.6 out of 10.