Home · Briefs · CTI Daily Brief — 2026-07-02
UPDATE: Kemp LoadMaster CVE-2026-8037 — exploitation attempts confirmed the day the PoC dropped
From CTI Daily Brief — 2026-07-02 · published 2026-07-02
UPDATE (originally covered 2026-06-30): eSentire's Threat Response Unit reports that in-the-wild exploitation attempts against CVE-2026-8037 — the Progress Kemp LoadMaster pre-auth OS command-injection flaw reachable through the
/accessv2API endpoint (CVSS 9.6–9.8) — began 2026-06-29, the same day a public proof-of-concept was released, confirming the compressed PoC-to-exploitation timeline (eSentire TRU, 2026-06-30).The observed attempts were unsuccessful, with no post-compromise activity, but eSentire assesses that public PoC availability plus detailed technical write-ups will drive continued and likely more successful attacks near-term (The Hacker News, 2026-07-01). Affected versions remain LoadMaster 7.2.63.1 and earlier (GA) and 7.2.54.17 and earlier (LTSF); Progress shipped patched firmware in early June 2026. Patch remains the primary mitigation; disabling the LoadMaster API where not required removes the
/accessv2attack surface entirely. Hunt/accessv2traffic for malformed/oversized parameters and repeated probing from related sources in a short window (T1190 → T1059).