Progress Software has issued an urgent security bulletin for MOVEit Automation users, disclosing two significant vulnerabilities that could allow attackers to seize administrative control over the platform. The most severe flaw, CVE-2026-4670, carries a CVSS score of 9.8, signaling a critical risk to data integrity and system security.
The vulnerabilities reside within the service backend command port interfaces, creating a direct path for unauthorized actors to bypass security protocols.
The April 2026 advisory highlights two distinct but related issues that impact how the system handles identity and input:
- Critical Authentication Bypass (CVE-2026-4670): With a CVSS score of 9.8, this “primary weakness” vulnerability allows an attacker to bypass authentication entirely. Exploitation grants the actor access to the service without requiring valid credentials.
- High-Severity Privilege Escalation (CVE-2026-5174): This flaw, rated 7.7, stems from improper input validation. It allows a user with existing access to elevate their permissions, potentially gaining full administrative control over the environment.
Successful exploitation of these flaws may lead to administrative control and significant data exposure. Administrators are advised to monitor audit logs for the following anomalies:
- Unexpected privilege escalation for standard user accounts.
- Unauthorized access attempts or successful logins from unknown sources.
- Anomalous activity within the service backend interfaces.
The vulnerabilities impact a broad range of MOVEit Automation releases, including versions prior to 2024.0.0. Users should immediately verify their current version via the Web Admin under Help > About.
| Affected Versions | Fixed Version | Documentation |
| --- | --- | --- |
| MOVEit Automation 2025.1.4 (17.1.4) and earlier | MOVEit Automation 2025.1.5 | https://docs.progress.com/bundle/moveit-automation-install-2025/page/Upgrade-MOVEit-Automation.html |
| MOVEit Automation 2025.0.8 (17.0.8) and earlier | MOVEit Automation 2025.0.9 | https://docs.progress.com/bundle/moveit-automation-install-2025/page/Upgrade-MOVEit-Automation.html |
| MOVEit Automation 2024.1.7 (16.1.7) and earlier | MOVEit Automation 2024.1.8 | https://docs.progress.com/bundle/moveit-automation-install-2024/page/Upgrade-MOVEit-Automation.html |
Progress Software has stated that upgrading to a patched release using the full installer is the only way to remediate these issues. Administrators should be prepared for a scheduled system outage while the upgrade process is running.
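For teams tracking several installations, the version table can be turned into a triage check. The following is an added example, not code from Progress or the advisory: the host names and inventory are constructed, the 17.x/16.x to 2025.x/2024.x mapping is read from the parentheses in the table, and any version the table does not cover is reported as unknown rather than guessed.

```python
import re

# Fixed patch level per release branch, from the advisory table.
FIXED = {(2025, 1): 5, (2025, 0): 9, (2024, 1): 8}
# Internal build numbers shown in parentheses in the table: 17.x = 2025.x, 16.x = 2024.x.
INTERNAL_MAJOR = {17: 2025, 16: 2024}


def parse_version(text):
    """Return (major, minor, patch) from the first x.y.z found in text."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(text):
    """Return (status, upgrade_target) for a Help > About version string."""
    major, minor, patch = parse_version(text)
    if major in INTERNAL_MAJOR:
        major = INTERNAL_MAJOR[major]
    elif max(INTERNAL_MAJOR) < major < 1000:
        return ("unknown", None)  # internal numbering newer than the table covers
    branch = (major, minor)
    if branch in FIXED:
        if patch < FIXED[branch]:
            return ("affected", f"{major}.{minor}.{FIXED[branch]}")
        return ("fixed", None)
    oldest = min(FIXED)
    if branch < oldest:
        # Covered by the "2024.1.7 (16.1.7) and earlier" row.
        return ("affected", f"{oldest[0]}.{oldest[1]}.{FIXED[oldest]}")
    return ("unknown", None)  # branch not listed in the advisory


def triage(inventory):
    """Map each host to its assessment; unparsable entries become 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = assess(version)
        except ValueError:
            report[host] = ("unknown", None)
    return report


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"mft-prod-01": "2025.1.4 (17.1.4)", "mft-dr-01": "17.0.9",
              "mft-legacy": "2023.0.6", "mft-lab": "n/a"}
    for host, (status, target) in triage(sample).items():
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```

Hosts reported as unknown should be checked by hand against the vendor advisory before being treated as safe.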