CVE Tools
Back to feed
watchTowr Labs ·EN Vendor research

Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)

By Sina Kheirkhah (@SinSinology)··15 min read

Welcome back to another watchTowr Labs blog post.

This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping people out, and CVE-2026-8037 keeps that streak alive: a pre-authentication Remote Code Execution vulnerability accessible to anyone who can access the API.…

Continue reading on watchTowr Labs