Progress Loadmaster
By the Year
In 2026 there have been 0 vulnerabilities in Progress Loadmaster. Last year, in 2025, Loadmaster had 6 security vulnerabilities published. Right now, Loadmaster is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 6 | 7.13 |
| 2024 | 8 | 8.14 |
It may take a day or so for new Loadmaster vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Progress Loadmaster Security Vulnerabilities
Progress LoadMaster 7.2.40+ Buffer Overflow via Improper Input Validation
CVE-2025-1758
8.8 - High
- March 19, 2025
Improper Input Validation vulnerability in Progress LoadMaster allows Buffer Overflow. This issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
Stack Overflow
Progress LoadMaster 7.2.48.12-7.2.60.1 OS Command Injection via Auth Input
CVE-2024-56135
6.8 - Medium
- February 05, 2025
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:
| Product | Affected Versions |
|---|---|
| LoadMaster | From 7.2.55.0 to 7.2.60.1 (inclusive) |
| LoadMaster | From 7.2.49.0 to 7.2.54.12 (inclusive) |
| LoadMaster | 7.2.48.12 and all prior versions |
| ECS | All prior versions to 7.2.60.1 (inclusive) |
Improper Input Validation
Progress LoadMaster <7.2.60.1 OS Cmd Injection
CVE-2024-56134
6.8 - Medium
- February 05, 2025
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:
| Product | Affected Versions |
|---|---|
| LoadMaster | From 7.2.55.0 to 7.2.60.1 (inclusive) |
| LoadMaster | From 7.2.49.0 to 7.2.54.12 (inclusive) |
| LoadMaster | 7.2.48.12 and all prior versions |
| Multi-Tenant Hypervisor | 7.1.35.12 and all prior versions |
| ECS | All prior versions to 7.2.60.1 (inclusive) |
Improper Input Validation
Progress LoadMaster <=7.2.60.1: OS Command Injection (Auth)
CVE-2024-56133
6.8 - Medium
- February 05, 2025
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:
| Product | Affected Versions |
|---|---|
| LoadMaster | From 7.2.55.0 to 7.2.60.1 (inclusive) |
| LoadMaster | From 7.2.49.0 to 7.2.54.12 (inclusive) |
| LoadMaster | 7.2.48.12 and all prior versions |
| ECS | All prior versions to 7.2.60.1 (inclusive) |
Improper Input Validation
Progress LoadMaster OS Command Injection 7.2.48.12+ up to 7.2.60.1
CVE-2024-56132
6.8 - Medium
- February 05, 2025
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:
| Product | Affected Versions |
|---|---|
| LoadMaster | From 7.2.55.0 to 7.2.60.1 (inclusive) |
| LoadMaster | From 7.2.49.0 to 7.2.54.12 (inclusive) |
| LoadMaster | 7.2.48.12 and all prior versions |
| ECS | All prior versions to 7.2.60.1 (inclusive) |
Shell injection
Progress LoadMaster 7.2.55.0-7.2.60.1 OS CI (Auth)
CVE-2024-56131
6.8 - Medium
- February 05, 2025
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:
| Product | Affected Versions |
|---|---|
| LoadMaster | From 7.2.55.0 to 7.2.60.1 (inclusive) |
| LoadMaster | From 7.2.49.0 to 7.2.54.12 (inclusive) |
| LoadMaster | 7.2.48.12 and all prior versions |
| Multi-Tenant Hypervisor | 7.1.35.12 and all prior versions |
| ECS | All prior versions to 7.2.60.1 (inclusive) |
Improper Input Validation
Progress LoadMaster 7.2.60.1 OS Command Injection via Improper Input Validation
CVE-2024-8755
9.8 - Critical
- October 11, 2024
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:
| Product | Affected Versions |
|---|---|
| LoadMaster | From 7.2.55.0 to 7.2.60.1 (inclusive) |
| LoadMaster | From 7.2.49.0 to 7.2.54.12 (inclusive) |
| LoadMaster | 7.2.48.12 and all prior versions |
| Multi-Tenant Hypervisor | 7.1.35.12 and all prior versions |
| ECS | All prior versions to 7.2.60.1 (inclusive) |
Shell injection
LoadMaster & ECS 7.x OS Command Injection via Authenticated Input (before 7.2.60)
CVE-2024-6658
6.8 - Medium
- September 12, 2024
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:
| Product | Affected Versions |
|---|---|
| LoadMaster | From 7.2.55.0 to 7.2.60.0 (inclusive) |
| LoadMaster | From 7.2.49.0 to 7.2.54.11 (inclusive) |
| LoadMaster | 7.2.48.12 and all prior versions |
| Multi-Tenant Hypervisor | 7.1.35.11 and all prior versions |
| ECS | All prior versions to 7.2.60.0 (inclusive) |
Improper Input Validation
Command Injection in Progress LoadMaster 7.2.40+ via Improper Input Validation
CVE-2024-7591
7.2 - High
- September 05, 2024
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
Shell injection
LoadMaster SSH Private Key Escalation via Network Proximity
CVE-2024-3544
7.5 - High
- May 02, 2024
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
Reversible PassEnc Decryption Vulnerability in Unknown System
CVE-2024-3543
7.5 - High
- May 02, 2024
Use of a reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, and stolen credentials can be used for arbitrary actions to corrupt the system.
Insufficiently Protected Credentials
Citrix LoadMaster CSRF via Authenticated Admin (CVE-2024-2449)
CVE-2024-2449
7.5 - High
- March 22, 2024
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.
Session Riding
LoadMaster OS: Authenticated UI OS Command Injection
CVE-2024-2448
8.8 - High
- March 22, 2024
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
Shell injection
LoadMaster mgmt interface cmd injection: arbitrary system exec
CVE-2024-1212
10 - Critical
- February 21, 2024
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Shell injection