Latest Progress MOVEit Automation vulnerabilities: CVE-2026-4670 and CVE-2026-5174 #
Progress Software has disclosed that certain versions of MOVEit Automation are susceptible to two vulnerabilities within the service backend command port interfaces.
- CVE-2026-4670: An authentication bypass vulnerability that allows a remote, unauthenticated attacker to gain unauthorized access to the system. It is rated critical with a CVSS score of 9.8.
- CVE-2026-5174: An improper input validation vulnerability that allows a remote, low-privileged attacker to elevate their privileges. It is rated high with a CVSS score of 7.7.
The following versions are affected:
- MOVEit Automation: Version 2024.1.7 (16.1.7) and prior
- MOVEit Automation: Version 2025.0.8 (17.0.8) and prior
- MOVEit Automation: Version 2025.1.4 (17.1.4) and prior (Affected by CVE-2026-5174 only)
What is Progress MOVEit Automation? #
Progress MOVEit Automation is a managed file transfer (MFT) orchestration tool used to automate the scheduled or event-driven movement and processing of data between disparate servers, cloud storage environments, and applications via a centralized management interface.
What is the impact? #
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, obtain administrative control, or expose sensitive data.
Are updates or workarounds available? #
Users are encouraged to update to the latest version as quickly as possible:
- MOVEit Automation 2024.x.x and prior: Upgrade to 2024.1.8 or later.
- MOVEit Automation 2025.0.x: Upgrade to 2025.0.9 or later.
- MOVEit Automation 2025.1.x: Upgrade to 2025.1.5 or later.
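To turn the affected and fixed versions above into a repeatable inventory check, here is an added Python example (not Progress's or runZero's code) that maps a MOVEit Automation version string in the advisory's "2025.0.8 (17.0.8)" form to the CVEs it is exposed to and the release to upgrade to. The version boundaries are taken from this advisory; the hostnames in the sample inventory are constructed.

```python
"""Triage MOVEit Automation versions against the fixed releases in the Progress
advisory for CVE-2026-4670 and CVE-2026-5174. Added example, not vendor code;
version boundaries come from the advisory, the inventory below is constructed."""
from __future__ import annotations

CVE_AUTH_BYPASS = "CVE-2026-4670"
CVE_INPUT_VALIDATION = "CVE-2026-5174"
BOTH = (CVE_AUTH_BYPASS, CVE_INPUT_VALIDATION)


def parse_version(text: str) -> tuple[int, ...]:
    """'2025.0.8 (17.0.8)' -> (2025, 0, 8); the parenthesised build alias is dropped."""
    return tuple(int(part) for part in text.split()[0].split("."))


def assess(version_text: str) -> dict:
    """Return the CVEs a version is exposed to and the release that fixes them."""
    ver = parse_version(version_text)
    major, minor = ver[0], (ver[1] if len(ver) > 1 else 0)
    # Branch boundaries as stated in the advisory: the 2024 train (and anything
    # older) and 2025.0 are exposed to both CVEs, 2025.1 only to CVE-2026-5174.
    if major <= 2024:
        fixed, cves = (2024, 1, 8), BOTH
    elif major == 2025 and minor == 0:
        fixed, cves = (2025, 0, 9), BOTH
    elif major == 2025 and minor == 1:
        fixed, cves = (2025, 1, 5), (CVE_INPUT_VALIDATION,)
    else:  # release train not covered by the advisory: do not guess
        return {"version": version_text, "affected": (), "upgrade_to": None}
    if ver >= fixed:  # tuple ordering handles 2-part and 3-part versions alike
        return {"version": version_text, "affected": (), "upgrade_to": None}
    return {"version": version_text, "affected": cves,
            "upgrade_to": ".".join(str(n) for n in fixed)}


def triage(inventory: list[dict]) -> list[dict]:
    """Keep only the hosts that still need an upgrade, with the reason attached."""
    return [{"host": h["host"], **r} for h in inventory
            if (r := assess(h["version"]))["affected"]]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "mft-auto-01.example.internal", "version": "2024.1.7 (16.1.7)"},
    {"host": "mft-auto-02.example.internal", "version": "2025.0.9 (17.0.9)"},
    {"host": "mft-auto-03.example.internal", "version": "2025.1.4 (17.1.4)"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['host']} {f['version']} -> upgrade to {f['upgrade_to']} ({', '.join(f['affected'])})")
```

Feed it the version strings exported from your asset inventory; hosts on a release train the advisory does not name are reported as unaffected rather than guessed at, so re-check them when the advisory is updated.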
How to find potentially vulnerable systems with runZero #
From the Service inventory, use the following query to locate potentially impacted assets:
_asset.protocol:http AND protocol:http AND (html.title:="MOVEit Automation%" OR last.html.title:="MOVEit Automation%")