Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass


2026-05-04 00:00


Executive Summary

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.

MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.

The vulnerabilities in question are CVE-2026-4670 (CVSS score: 9.8), an authentication bypass vulnerability, and CVE-2026-5174 (CVSS score: 7.7), an improper input validation vulnerability that could allow privilege escalation.

"Critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces," Progress Software said in an advisory. "Exploitation may lead to unauthorized access, administrative control, and data exposure."

The shortcomings affect the following versions -

Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau have been credited with discovering and reporting the two vulnerabilities.

There are no workarounds that resolve the issues. While Progress makes no mention of the flaws being exploited in the wild, it's essential that users apply the fixes as soon as possible for optimal protection, particularly given that prior flaws in MOVEit Transfer have been exploited by ransomware gangs like Cl0p.
