CVE-2026-4048 - Vulnerability Analysis
HighCVSS: 8.4Last Updated: April 20, 2026
Progress ADC - Command Injection
Overview
Progress ADC UI contains a command injection caused by unsanitized input in a custom WAF rule file upload, letting authenticated attackers with all permissions execute arbitrary commands on the LoadMaster appliance.
Severity & Score
Impact
Authenticated attackers with all permissions can execute arbitrary commands, potentially leading to full system compromise.
Mitigation
Update to the latest version of Progress ADC LoadMaster appliance.
Social Media Activity(2 posts)
π CVE-2026-4048 - High (8.4) OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with βAllβ permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a cust... π https://www.thehackerwire.com/vulnerability/CVE-2026-4048/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
π CVE-2026-4048 - High (8.4) OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with βAllβ permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a cust... π https://www.thehackerwire.com/vulnerability/CVE-2026-4048/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2026-4048
- Severity
- High
- CVSS Score
- 8.4
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-77
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H