THREAT OPS › Threat News › Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)
<img alt="Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)" src="https://storage.ghost.io/c/a0/dc/a0dcbbe4-0ae7-4d7e-90f7-ebbc3a0f5a84/content/images/2026/06/1920--1080---2--3-.png" /><p>Welcome back to another watchTowr Labs blog post.</p><p>This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of
MITRE ATT&CK techniques
- CredentialsT1589.001
Indicators of compromise
- aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaamd5
- bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbmd5
- ccccccccccccccccccccccccccccccccmd5
- CVE-2026-8037cve
- CVE-2026-33691cve
- https://watchtowr.com/demo/?ref=labs.watchtowr.comurl
- https://community.progress.com/s/article/LoadMaster-Critical-Security-Bulletin-June-2026-CVE-2026-8037-CVE-2026-33691?ref=labs.watchtowr.comurl
- https://www.zerodayinitiative.com/advisories/ZDI-26-342/?ref=labs.watchtowr.comurl
- 7.2.63.1ipv4
- 7.2.63.2ipv4
- storage.ghost.iodomain