1. Home
  2. CVE Database
  3. CVE-2026-3519
HIGH · 8.4

CVE-2026-3519

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the Load...

Vulnerability Description

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command

CVSS Score

8.4

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ProgressConnection Manager For Objectscale< 7.2.63.1
ProgressEcs Connection Manager< 7.2.63.1
ProgressLoadmaster< 7.2.54.17

Related Weaknesses (CWE)

CWE-77

References

FAQ

What is CVE-2026-3519?

CVE-2026-3519 is a vulnerability with a CVSS score of 8.4 (HIGH). OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the Load...

How severe is CVE-2026-3519?

CVE-2026-3519 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-3519?

Check the references section above for vendor advisories and patch information. Affected products include: Progress Connection Manager For Objectscale, Progress Ecs Connection Manager, Progress Loadmaster.