Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster
The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass. The post Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster appeared first on SecurityWeek.
Progress Software on Monday rolled out patches for multiple MOVEit WAF and LoadMaster vulnerabilities that could lead to remote code execution (RCE) and OS command injection.
Two of the bugs, CVE-2026-3517 and CVE-2026-3519, impact APIs in Progress ADC products and could be exploited by users with ‘Geo Administration’ and ‘VS Administration’ permissions for the execution of arbitrary commands on the LoadMaster appliance.
The flaws exist because the ‘addcountry’ and ‘aclcontrol’ commands do not properly sanitize user-supplied input.
Source: https://www.securityweek.com/progress-patches-multiple-vulnerabilities-in-moveit-waf-loadmaster/
Related breach coverage
- SolarWinds Patches Four Critical Serv-U Vulnerabilities2026-02-25
The four security defects could be exploited for remote code execution but require administrative privileges. The post SolarWinds Patches Four Critical Serv-U Vulnerabilities appeared first on SecurityWeek.
- SolarWinds Patches Critical Web Help Desk Vulnerabilities2026-01-29
The four critical flaws could be exploited without authentication for remote code execution or authentication bypass. The post SolarWinds Patches Critical Web Help Desk Vulnerabilities appeared first on SecurityWeek.
- SAP Patches Critical Vulnerabilities With December 2025 Security Updates2025-12-10
Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek.
- QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland2025-11-10
Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions. The post QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland appeared first on SecurityWeek.