ZDI 2026-05-21

ZDI-26-318: Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability

CVE-2026-3518

Machine-generated analysis · WAYSCloud LLM

Authentication is required to exploit the command injection vulnerability in Kemp LoadMaster's ssodomain_killsession function.

Context

The vulnerability affects Progress Software Kemp LoadMaster, specifically the ssodomain_killsession functionality. The advisory describes a command injection issue that allows remote code execution. Authentication is required to exploit the vulnerability, as stated in the description. The ZDI assigned a CVSS score of 8.8, indicating high severity according to their rating.

Operator considerations

Check: Verify if Kemp LoadMaster systems are running unpatched versions with the vulnerable ssodomain_killsession function.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3518.

Read the full advisory on ZDI →