CVE-2026-3517 - Vulnerability Analysis
HighCVSS: 8.4Last Updated: April 20, 2026
Progress ADC LoadMaster - Command Injection
Overview
Progress ADC LoadMaster contains a command injection caused by unsanitized input in the 'addcountry' command, letting authenticated attackers with Geo Administration permissions execute arbitrary OS commands.
Severity & Score
Impact
Authenticated attackers with Geo Administration permissions can execute arbitrary OS commands, potentially leading to full system compromise.
Mitigation
Update to the latest version of Progress ADC LoadMaster.
Social Media Activity(2 posts)
🟠 CVE-2026-3517 - High (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3517/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
🟠 CVE-2026-3517 - High (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3517/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-3517
- Severity
- High
- CVSS Score
- 8.4
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-77
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H