{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/loadmaster/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["LoadMaster","MOVEit WAF"],"_cs_severities":["high"],"_cs_tags":["vulnerability","code-execution","security-bypass"],"_cs_type":"advisory","_cs_vendors":["Kemp","Progress Software"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been identified in Kemp LoadMaster and Progress Software MOVEit WAF. An attacker can exploit these vulnerabilities to execute arbitrary program code or bypass existing security measures. These vulnerabilities pose a significant risk to organizations using these products, as successful exploitation could lead to unauthorized access, data breaches, or system compromise. Defenders should apply appropriate patches and mitigations to prevent exploitation. The specific nature and impact of each vulnerability are detailed in vendor advisories.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an exploitable vulnerability in Kemp LoadMaster or Progress MOVEit WAF.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request or payload specifically designed to trigger the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious request to the targeted LoadMaster or MOVEit WAF instance.\u003c/li\u003e\n\u003cli\u003eThe vulnerable software processes the malicious request, leading to code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the system, potentially escalating privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised system to move laterally within the network.\u003c/li\u003e\n\u003cli\u003eThe attacker executes further commands to install malware or exfiltrate sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, such as data theft, system disruption, or ransomware deployment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to a range of damaging consequences. Attackers could gain unauthorized access to sensitive data, disrupt critical business operations, or deploy ransomware, leading to significant financial losses and reputational damage. The number of potential victims is significant, as both Kemp LoadMaster and Progress MOVEit WAF are widely used in various sectors.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInvestigate and apply the latest security patches for Kemp LoadMaster to mitigate code execution vulnerabilities (refer to vendor advisories).\u003c/li\u003e\n\u003cli\u003eInvestigate and apply the latest security patches for Progress Software MOVEit WAF to prevent security bypass (refer to vendor advisories).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Possible MOVEit WAF Security Bypass\u0026rdquo; to identify potential exploitation attempts (see rule below).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Possible Kemp LoadMaster Code Execution\u0026rdquo; to identify potential exploitation attempts (see rule below).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-22T07:25:37Z","date_published":"2026-05-22T07:25:37Z","id":"https://feed.craftedsignal.io/briefs/2026-05-kemp-moveit-vulns/","summary":"Multiple vulnerabilities in Kemp LoadMaster and Progress Software MOVEit WAF could allow an attacker to execute arbitrary code or circumvent security measures.","title":"Kemp LoadMaster and Progress Software MOVEit WAF: Multiple Vulnerabilities","url":"https://feed.craftedsignal.io/briefs/2026-05-kemp-moveit-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — LoadMaster","version":"https://jsonfeed.org/version/1.1"}