HIGH SeverityCVSS 3.18.4CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-3519
Last updated Apr 22, 2026 · Published Apr 20, 2026
Description
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command
Affected products
1 listed- Progress Software:ECS Connections Manager; Progress Software:LoadMaster; Progress Software:MOVEit WAF; Progress Software:Object Scale Connection Manager
Mappings
CWE
CWE-77
CAPEC
CAPEC-88
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms