CVE-2026-3519: OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

CVSS 8.4 · High EPSS 0.03% · P9

I. Basic Information for CVE-2026-3519

Vulnerability Information

Vulnerability Title
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
Source: NVD (National Vulnerability Database)
Vulnerability Description
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper neutralization of special elements used in a command (command injection)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Progress LoadMaster Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
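Progress LoadMaster is a high-performance application delivery controller (ADC) and load balancer from Progress, a US company. Progress LoadMaster contains a security vulnerability caused by unsanitized input to the aclcontrol command, which may allow an authenticated attacker with VS Administration permissions to execute arbitrary commands.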
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
| --- | --- | --- | --- |
| Progress Software | LoadMaster | V7.2.45.0 ~ V7.2.63.0 | - |
| Progress Software | ECS Connections Manager | V7.2.49.0 ~ V7.2.63.0 | - |
| Progress Software | Object Scale Connection Manager | V7.2.62.0 ~ V7.2.63.0 | - |
| Progress Software | MOVEit WAF | V7.2.62.0 ~ V7.2.63.0 | - |

II. Public POCs for CVE-2026-3519


No public POC found.


III. Intelligence Information for CVE-2026-3519


Same Patch Batch · Progress Software · 2026-04-20 · 4 CVEs total

CVE-2026-3517 · 8.4 HIGH · OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Conne
CVE-2026-3518 · 8.4 HIGH · OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Conne
CVE-2026-4048 · 8.4 HIGH · OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Conne

IV. Related Vulnerabilities
