HIGH SeverityCVSS 3.18.4CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2026-4048
Last updated Apr 22, 2026 · Published Apr 20, 2026
Description
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process.
Affected products
1 listed- Progress Software:ECS Connections Manager; Progress Software:LoadMaster; Progress Software:MOVEit WAF; Progress Software:Object Scale Connection Manager
Mappings
CWE
CWE-77
CAPEC
CAPEC-88
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms