Ghostwire
Home / Vulnerabilities / CVE-2026-3517

CVE-2026-3517: OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated...

HIGH CVSS 7.5

Published: April 20, 2026 | Last Modified: April 20, 2026

Description

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (14 articles)

Tenable CVEs
CVE-2026-3517
 Tenable CVEs
CVE-2026-35179
 Tenable CVEs
CVE-2026-35170
 Tenable CVEs
CVE-2026-35176
 Tenable CVEs
CVE-2026-35178
 Tenable CVEs
CVE-2026-35172
 CVE Feed
CVE-2026-35172 - Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation
 CVE Feed
CVE-2026-35179 - WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php
 CVE Feed
CVE-2026-35176 - openFPGALoader has a heap buffer overflow in POFParser::parseSection() via crafted .pof file
 Tenable CVEs
CVE-2026-35177
 Tenable CVEs
CVE-2026-35175
 Tenable CVEs
CVE-2026-35171
 Tenable CVEs
CVE-2026-35173
 Tenable CVEs
CVE-2026-35174

References