CVE-2026-3518 - Vulnerability Analysis
HighCVSS: 8.4Last Updated: April 20, 2026
Progress ADC LoadMaster - Command Injection
Overview
Progress ADC LoadMaster contains a command injection caused by unsanitized input in the 'killsession' command, letting authenticated attackers with all permissions execute arbitrary OS commands remotely.
Severity & Score
Impact
Authenticated attackers with all permissions can execute arbitrary OS commands, potentially leading to full system compromise.
Mitigation
Update to the latest version of Progress ADC LoadMaster.
Social Media Activity(2 posts)
π CVE-2026-3518 - High (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with βAllβ permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the '... π https://www.thehackerwire.com/vulnerability/CVE-2026-3518/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
π CVE-2026-3518 - High (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with βAllβ permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the '... π https://www.thehackerwire.com/vulnerability/CVE-2026-3518/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-3518
- Severity
- High
- CVSS Score
- 8.4
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-77
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H