Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Ravie Lakshmanan | May 04, 2026 | Vulnerability / Enterprise Software


What’s new: Progress Software has released patches for two vulnerabilities in MOVEit Automation, including a critical authentication bypass vulnerability (CVE-2026-4670, CVSS score: 9.8) and an improper input validation vulnerability (CVE-2026-5174, CVSS score: 7.7). These flaws could allow unauthorized access and privilege escalation through the service backend command port interfaces.

Who’s affected

The vulnerabilities affect the following versions of MOVEit Automation:

  • MOVEit Automation <= 2025.1.4 (Fixed in MOVEit Automation 2025.1.5)
  • MOVEit Automation <= 2025.0.8 (Fixed in MOVEit Automation 2025.0.9)
  • MOVEit Automation <= 2024.1.7 (Fixed in MOVEit Automation 2024.1.8)
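
The version ranges above can be turned into an inventory check. The script below is an added example, not code from Progress or from the original article. It assumes versions are recorded in the `YYYY.minor.patch` form the advisory uses, and the hostnames and sample inventory are constructed. Branches the advisory does not name are reported as `not-listed` rather than as safe.

```python
import re
from collections import defaultdict

# Branch (year, minor) -> last affected patch level, from the list above.
# The fixed release on each listed branch is that patch level + 1.
LAST_AFFECTED = {(2025, 1): 4, (2025, 0): 8, (2024, 1): 7}

def classify(version):
    """Return (status, upgrade_target) for a 'YYYY.minor.patch' string."""
    m = re.fullmatch(r"\s*(\d{4})\.(\d+)\.(\d+)\s*", version)
    if not m:
        return ("unparseable", None)
    year, minor, patch = (int(g) for g in m.groups())
    last_bad = LAST_AFFECTED.get((year, minor))
    if last_bad is None:
        # Branch not named in the advisory: do not report it as safe.
        return ("not-listed", None)
    if patch <= last_bad:
        return ("affected", f"{year}.{minor}.{last_bad + 1}")
    return ("fixed", None)

def triage(inventory):
    """Group (host, version) pairs by status for a patching worklist."""
    report = defaultdict(list)
    for host, version in inventory:
        status, target = classify(version)
        report[status].append((host, version, target))
    return dict(report)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("mft-01.example.internal", "2025.1.4"),
    ("mft-02.example.internal", "2025.1.5"),
    ("mft-03.example.internal", "2024.1.2"),
    ("mft-04.example.internal", "2023.0.6"),
    ("mft-05.example.internal", "unknown"),
]

if __name__ == "__main__":
    for status, rows in triage(SAMPLE).items():
        for host, version, target in rows:
            print(f"{status:12} {host:26} {version:10} -> {target or '-'}")
```

Hosts that come back `not-listed` or `unparseable` need a manual check against the vendor advisory before they are closed out.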

What to do

  • Upgrade to the latest versions of MOVEit Automation as specified above to mitigate the vulnerabilities.
  • Monitor for any unusual activity that may indicate exploitation attempts.
