eSentire’s Threat Response Unit published an advisory today confirming that its detection capabilities observed exploitation attempts against CVE-2026-8037 in Progress Kemp LoadMaster starting June 29, 2026. watchTowr Labs published its detailed technical write-up on June 29 as well, meaning that in-the-wild exploitation began on the same day that comprehensive public technical details became available.
CVE-2026-8037 is a pre-authentication OS command injection flaw in the LoadMaster API. The root cause, documented in detail by watchTowr, is a combination of uninitialized heap memory and a missing null terminator in the escape_quotes() function that is meant to sanitize user input before it is passed to a shell command. When an attacker sends a crafted request to the /accessv2 API endpoint, injected commands bypass the sanitization and execute on the appliance with root privileges. No authentication is required. The affected versions are GA v7.2.63.1 and earlier and LTSF v7.2.54.17 and earlier. Progress published its advisory and patch on June 4, 2026, 25 days before the exploitation activity began.
This is the second critical LoadMaster vulnerability to be actively exploited within the last two years. CVE-2024-1212, a previous LoadMaster command injection flaw rated CVSS 10.0, was added to the CISA Known Exploited Vulnerabilities catalog after confirmed exploitation in November 2024.
- Patch Kemp LoadMaster to the fixed versions immediately. Affects GA release v7.2.63.1 and earlier and LTSF release v7.2.54.17 and earlier. Exploitation is confirmed active.
- If patching cannot happen immediately, block external access to the /accessv2 API endpoint at the network perimeter and restrict the LoadMaster management interface to internal trusted networks only. Removing external API exposure eliminates the attack surface for this specific flaw.
- Audit LoadMaster access logs for unexpected API requests, particularly to /accessv2, from external IP addresses or at unusual hours. These may indicate exploitation attempts that predate your organization learning of the confirmed exploitation.
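An added example, not part of the eSentire or watchTowr material, of the audit the last recommendation describes: it flags /accessv2 requests from outside an assumed trusted management network or outside an assumed administration window. The log lines and their field layout are constructed for the example; the real LoadMaster access-log format will differ and parse_line() must be adapted to it.

```python
import ipaddress
from datetime import datetime

# Constructed sample lines, "<ISO-8601 UTC timestamp> <client ip> <method> <path> <status>";
# the real LoadMaster access-log format differs, so adapt parse_line() to it.
SAMPLE_LOG = """\
2026-06-30T09:14:02Z 10.20.1.15 GET /accessv2 200
2026-06-30T03:41:19Z 203.0.113.7 POST /accessv2 200
2026-06-30T11:05:44Z 198.51.100.23 POST /accessv2 401
2026-06-30T02:17:08Z 10.20.1.15 POST /accessv2 200
2026-06-30T10:30:00Z 192.0.2.9 GET /login 200
"""
# Assumed trusted management networks and administration window ([start, end) UTC hours).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
BUSINESS_HOURS = (7, 19)
API_PATH = "/accessv2"


def parse_line(line):
    ts, ip, method, path, status = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, ipaddress.ip_address(ip), method, path, int(status)


def audit(log_text, nets=TRUSTED_NETS, hours=BUSINESS_HOURS):
    """Return one finding per /accessv2 request made from outside the trusted
    networks or outside the administration window, with the reasons why."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        when, ip, method, path, status = parse_line(line)
        if path != API_PATH and not path.startswith(API_PATH + "/"):
            continue  # only the API endpoint named in the advisory is of interest here
        reasons = []
        if not any(ip in net for net in nets):
            reasons.append("external source")
        if not hours[0] <= when.hour < hours[1]:
            reasons.append("off-hours")
        if reasons:
            findings.append({"time": when.isoformat(), "ip": str(ip),
                             "method": method, "status": status, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["time"], f["ip"], f["method"], f["status"], ", ".join(f["reasons"]))
```

A request that is both external and off-hours is reported once with both reasons, which is the combination worth triaging first.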
Starting with the Cursor 2.x release line, Cursor runs terminal commands issued by its AI agent inside a sandbox designed to restrict what those commands can touch, preventing a rogue instruction from causing broad system damage. DuneSlide is named for the two techniques used to escape that sandbox through prompt injection.
CVE-2026-50548 exploits a configuration parameter. The Cursor sandbox permits write access to the working directory of any command it runs. That directory is specified by an optional parameter, working_directory, on Cursor’s run_terminal_cmd tool, and the value of that parameter is controlled by the AI agent rather than locked down by the sandbox. An attacker-controlled payload delivered via MCP server response or web search result instructs the agent to set working_directory to an arbitrary path outside the project, such as /Applications/Cursor.app/Contents/Resources/app/resources/helpers/cursorsandbox. The sandbox, seeing a write to the designated working directory, permits it. Overwriting cursorsandbox with attacker-controlled content removes sandbox restrictions for all subsequent commands in the session.
CVE-2026-50549 exploits a fallback in Cursor’s path validation logic. Before writing a file, Cursor attempts to resolve symlinks and verify the real target sits inside the project directory. When that verification fails, because the target does not exist or the attacker removes read access to a directory in the path, Cursor falls back to trusting the original, unvalidated symlink path. Injected instructions create a symlink inside the project pointing to an external target, then trigger the failure condition to bypass the validation and write to the external path.
Both flaws were patched in Cursor 3.0, released April 2, 2026. All versions before 3.0 are affected. Cato AI Labs confirmed that the attack is triggered with zero user interaction beyond issuing a normal development prompt that causes the agent to read attacker-controlled content.
- Update Cursor IDE to version 3.0 or later. All versions before 3.0 are affected by both CVE-2026-50548 and CVE-2026-50549. Cursor auto-updates for most users.
- For organizations managing developer workstations, confirm the installed Cursor version across your fleet, since the attack could compromise developer machines and pivot to cloud credentials and connected SaaS workspaces.
- This is the fifth MCP or agent trust-boundary issue in an AI coding tool documented in this brief since May. Review whether the other AI IDE tools in your development environment have been updated to versions that incorporate MCP trust boundary fixes.
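An added example, not Cursor's code and not from Cato AI Labs, that models the path-validation failure mode described for CVE-2026-50549 beside a fail-closed version. The fallback validator is a hypothetical reconstruction of the behaviour the write-up describes; the hardened validator resolves the parent directory, denies when resolution does not yield a real directory, and refuses to write through a symlink as the final path component. The project layout and file names are constructed for the demo.

```python
import os
import tempfile


def inside(path, root):
    """True if the absolute form of path lies under root."""
    root = os.path.abspath(root)
    return os.path.commonpath([root, os.path.abspath(path)]) == root


def allow_write_with_fallback(target, project_root):
    """Hypothetical reconstruction of the CVE-2026-50549 failure mode, not
    Cursor's code: resolve symlinks, but if the resolved target does not
    exist, fall back to checking the original, unresolved path."""
    real = os.path.realpath(target)
    if os.path.exists(real):
        return inside(real, project_root)
    return inside(target, project_root)  # trusts where the symlink sits, not where it points


def allow_write_fail_closed(target, project_root):
    """Hardened check: resolve the parent directory, deny if it is not a real
    directory, and never write through a symlink as the final component."""
    parent, name = os.path.split(os.path.abspath(target))
    real_parent = os.path.realpath(parent)
    if not os.path.isdir(real_parent):
        return False
    final = os.path.join(real_parent, name)
    if os.path.islink(final):
        return False
    return inside(final, project_root)


def demo():
    """Constructed project containing a dangling symlink that points outside it."""
    base = os.path.realpath(tempfile.mkdtemp())
    project = os.path.join(base, "project")
    os.mkdir(project)
    outside = os.path.join(base, "outside", "target.txt")  # does not exist, so resolution "fails"
    link = os.path.join(project, "notes.txt")
    os.symlink(outside, link)
    return {
        "fallback_dangling": allow_write_with_fallback(link, project),
        "hardened_dangling": allow_write_fail_closed(link, project),
        "hardened_new_file": allow_write_fail_closed(os.path.join(project, "main.py"), project),
    }
```

The demo shows the fallback validator accepting the dangling symlink because the unresolved path is inside the project, while the fail-closed validator rejects it and still permits an ordinary new file.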
Adobe published emergency security bulletin APSB26-68 on June 30, 2026 covering 11 vulnerabilities in Adobe ColdFusion 2025 and ColdFusion 2023. Six of the flaws carry the maximum CVSS score of 10.0. CVE-2026-48276 and CVE-2026-48283 are unrestricted file upload vulnerabilities that allow an unauthenticated attacker to upload and execute malicious files on the server. CVE-2026-48277, CVE-2026-48281, and CVE-2026-48316 are improper input validation flaws that each enable arbitrary code execution through malformed request handling. CVE-2026-48282 is a path traversal vulnerability that leads to arbitrary code execution. All six require no authentication and no user interaction.
Beyond the maximum-severity flaws, the bulletin also addresses CVE-2026-48313, a path traversal enabling arbitrary file system reads (CVSS 9.3); CVE-2026-48315, a privilege escalation flaw (CVSS 9.3); CVE-2026-48307, a reflected XSS enabling code execution (CVSS 8.8); and CVE-2026-48285, an SSRF flaw enabling security feature bypass (CVSS 8.6). Fixes are in ColdFusion 2025 Update 10 and ColdFusion 2023 Update 21. ColdFusion 2021 has reached end of life and receives no security updates.
A separate bulletin covers CVE-2026-48286 in Adobe Campaign Classic, an incorrect authorization vulnerability rated CVSS 10.0 enabling arbitrary code execution. The fix is in Campaign Classic v7.4.3 build 9397. Adobe has not confirmed in-the-wild exploitation of any of these flaws but assigned Priority Rating 1 across all bulletins, indicating imminent exploitation risk.
- Update ColdFusion to 2025 Update 10 or 2023 Update 21 immediately. All versions at ColdFusion 2025 Update 9 and earlier, and ColdFusion 2023 Update 20 and earlier, are affected by all eleven vulnerabilities. Test on a non-production instance first, then deploy to production.
- Update Adobe Campaign Classic to v7.4.3 build 9397 if running an on-premise or hybrid Campaign Classic deployment. The CVE-2026-48286 flaw applies only to on-premise components.
- Block external access to the ColdFusion administrator interface, typically at /CFIDE/administrator, regardless of patch status. ColdFusion administrator exposure to the internet has been a consistent factor in past post-disclosure exploitation campaigns.
- ColdFusion 2021 is at end of life and will not receive a patch for these vulnerabilities. Plan migration off ColdFusion 2021 and isolate any remaining ColdFusion 2021 instances from the internet immediately.