Progress Releases Patch for MOVEit Automation — Authentication Bypass Fixed

Colleagues, a cybersecurity notice: Progress has released updates for MOVEit Automation addressing a critical authentication bypass vulnerability.
Key points:
- CVE‑2026‑4670 (CVSS 9.8, authentication bypass) and CVE‑2026‑5174 (CVSS 7.7, improper validation, privilege escalation). Reported by Airbus SecLab.
- Affected versions: ≤2025.1.4 / ≤2025.0.8 / ≤2024.1.7 — fixes available in 2025.1.5 / 2025.0.9 / 2024.1.8.
- No public working exploits known — update as soon as possible. Progress does not report active exploitation, but MOVEit vulnerabilities have been used by ransomware in the past.
Why it matters: these flaws may allow unauthorized access, administrative control and data exfiltration.
Have you updated MOVEit?
#cybersecurity #dataprotection #patching #vulnerabilities


Latest comments
No comments yet.