Vulnerability | Bleeping Computer
9.8 — CRITICAL
Progress warns of critical MOVEit Automation auth bypass flaw
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
Progress Software has identified two critical vulnerabilities in its MOVEit Automation application, allowing remote attackers to bypass authentication and escalate privileges without user interaction. The vulnerabilities affect over 1,400 exposed instances online, including U.S. local and state government agencies.
⚙️ Technical Details
CVEs
CVE-2026-4670, CVE-2026-5174
Affected Systems
MOVEit Automation versions before 2025.1.5, 2025.0.9, and 2024.1.8
Attack Vectors
NETWORK
💥 Impact Assessment
Severity: CRITICAL
Who Is at Risk
U.S. local and state government agencies, enterprise organizations using MOVEit Automation, and potentially other affected systems
🛡️ Recommended Actions
1. Upgrade to the latest version of MOVEit Automation (2025.1.5 or later) as soon as possible
2. Use the full installer during upgrades to remediate the issue
3. Monitor for suspicious activity and report any potential attacks to Progress Software
📦 Affected Products
Progress Software MOVEit Automation
🔐 NVD Verified Data (VERIFIED)
CVE-2026-4670: CVSS 9.8 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-305
CVE-2026-5174: CVSS 7.7 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Weaknesses
CWE-20
This is a curated summary. The complete article is available at Bleeping Computer.
