CVE-2026-3517: connection manager for objectscale vulnerability

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the ...
CVE-2026-3517CVSS 8.4General

CVE-2026-3517: connection manager for objectscale vulnerability

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the ...

CVSS
8.4 HIGH
EPSS
96.86%
Known exploited
not in KEV
Product
connection manager for objectscale

What is known

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command

Sources