Kemp LoadMaster and Progress MOVEit WAF Critical Vulnerabilities
Summary
CERT-Bund published security advisory WID-SEC-2026-1185 disclosing critical vulnerabilities in Kemp LoadMaster and Progress Software MOVEit WAF products. The vulnerabilities carry a CVSS Base Score of 9.3 (critical) and a CVSS Temporal Score of 8.1 (high), with confirmed remote exploitability. Affected product versions include Kemp LoadMaster <7.2.63.1, Kemp LoadMaster LTSF <7.2.54.17, and Progress Software MOVEit WAF <7.2.63.0. Attackers can exploit these flaws to execute arbitrary code or bypass security controls.
“An attacker can exploit multiple vulnerabilities in Kemp LoadMaster and Progress Software MOVEit WAF to execute arbitrary code or bypass security measures.”
Organisations with Kemp LoadMaster or Progress MOVEit WAF in their infrastructure perimeter should verify their deployed versions against the stated thresholds and confirm mitigations are in place. The CVSS 9.3 base score and confirmed remote exploitability place these vulnerabilities in the highest severity band for enterprise software exposure.
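The version check described above can be scripted against an inventory export. The following is an added example, not code from CERT-Bund or Progress Software. The product-line labels, host names and sample rows are constructed for illustration, and versions are assumed to be reported as dotted numbers.

```python
import re

# First fixed release per product line, from the thresholds in WID-SEC-2026-1185.
# The keys are hypothetical inventory labels, not vendor identifiers.
FIXED = {
    "loadmaster": (7, 2, 63, 1),
    "loadmaster-ltsf": (7, 2, 54, 17),
    "moveit-waf": (7, 2, 63, 0),
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", re.ASCII)

def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c' or 'a.b.c.d', else None."""
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        return None
    return tuple(int(g or 0) for g in m.groups())  # 7.2.63 -> (7, 2, 63, 0)

def triage(product, version):
    """Classify one inventory row as 'affected', 'fixed' or 'unknown'."""
    fixed = FIXED.get(product.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "unknown"  # an unreadable row is never reported as fixed
    # Tuples compare numerically per component, so 7.2.54.9 < 7.2.54.17,
    # which a plain string comparison would get wrong.
    return "affected" if parsed < fixed else "fixed"

# Constructed sample inventory: (host, product line, reported version).
INVENTORY = [
    ("lb-edge-01", "loadmaster", "7.2.63.0"),
    ("lb-edge-02", "loadmaster", "7.2.63.1"),
    ("lb-core-01", "loadmaster-ltsf", "7.2.54.17"),
    ("lb-core-02", "loadmaster-ltsf", "7.2.54.9"),
    ("waf-01", "moveit-waf", "7.2.63"),
    ("waf-02", "moveit-waf", "not reported"),
]

def report(rows):
    """Return {host: status} so affected and unknown hosts can be queued."""
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

The LTSF threshold is numerically lower than the mainline one, so each row must be compared against the threshold for its own branch: 7.2.54.17 is fixed on LTSF but would be flagged if checked against 7.2.63.1.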
What changed
CERT-Bund issued a security advisory alerting organisations to critical remote code execution vulnerabilities in Kemp LoadMaster load balancer products and Progress Software MOVEit WAF managed file transfer software. The advisory rates the vulnerabilities at a CVSS base score of 9.3, which falls in the critical band. It details no specific remediation steps or patch versions beyond indicating that mitigations are available.
Organisations running affected versions of Kemp LoadMaster or Progress MOVEit WAF should treat this as a high-priority security event given the remote exploitability and critical severity. An immediate inventory of deployed instances and verification of remediation measures are warranted.
Archived snapshot
Apr 21, 2026
GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1185] Kemp LoadMaster and Progress Software MOVEit WAF: Multiple vulnerabilities
CVSS Base Score: 9.3 (critical)
CVSS Temporal Score: 8.1 (high)
Remote attack: yes
Date: 20.04.2026
Last updated: 21.04.2026
Mitigation: yes
Affected systems
Operating system
- Other
- Windows
Product description
LoadMaster is a load balancer solution from Progress Software.
Progress MOVEit is a secure managed file transfer (MFT) software that provides visibility and control over file transfer activities.
Products
20.04.2026
- Kemp LoadMaster <7.2.63.1
- Kemp LoadMaster LTSF <7.2.54.17
- Progress Software MOVEit WAF <7.2.63.0
Attack
An attacker can exploit multiple vulnerabilities in Kemp LoadMaster and Progress Software MOVEit WAF to execute arbitrary code or bypass security measures.
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.