
Progress Warns of MOVEit Automation Authentication Bypass Flaw

"We have addressed the vulnerability and the Progress MOVEit Automation team strongly recommends performing an upgrade to the latest version," Progress Software said in a Thursday advisory.

CVE-2026-4670 and CVE-2026-5174: the technical picture

Progress Software disclosed a critical authentication-bypass vulnerability in its MOVEit Automation managed file transfer (MFT) product, tracked as CVE-2026-4670. The flaw affects MOVEit Automation versions released before 2025.1.5, 2025.0.9, and 2024.1.8. According to Progress, remote threat actors can exploit CVE-2026-4670 without privileges on targeted systems in low-complexity attacks that do not require user interaction.

On the same day, Progress issued updates for a separate, high-severity privilege escalation vulnerability, CVE-2026-5174, which the company attributes to an improper input validation weakness in the same software.

Progress Software advisory: upgrade with the full installer; expect an outage

Progress explicitly states that upgrading to a patched release using the full installer is the only way to remediate CVE-2026-4670. The company warned customers that the remediation process will cause an outage while the upgrade runs. That advisory is the central mitigation direction in the bulletin; no alternative remediation or temporary workaround is cited in the company notice.

Public exposure: over 1,400 internet-facing MOVEit Automation instances

A Shodan search shared by PwnDefend cybersecurity consultant Daniel Card found more than 1,400 MOVEit Automation instances exposed online. Card's search linked over a dozen of those internet-facing systems to U.S. state and local government agencies. Progress has not reported that these specific instances are compromised, and there is no public information in the advisory about how many of the exposed systems have already been secured against CVE-2026-4670.

Context: MFT software as a recurring target and the Clop precedent

Progress has not flagged either new vulnerability as exploited in the wild, but the company and outside commentators noted precedent for aggressive targeting of MFT products. In 2023 the Clop ransomware gang exploited a zero-day in the MOVEit Transfer secure file transfer platform in a campaign that Emsisoft estimated affected more than 2,100 organizations and over 62 million individuals. The advisory also places MOVEit among a list of MFT and file-transfer platforms previously targeted in Clop and similar data-theft campaigns, including Accellion FTA, SolarWinds Serv-U, Gladinet CentreStack, GoAnywhere MFT, and Cleo.

Progress notes that its MOVEit MFT solutions are used by more than 3,000 enterprise organizations and over 100,000 users worldwide — numbers that underline why authentication bypass and privilege escalation flaws in these products draw heightened attention.

What this means for U.S. state and local governments, enterprise customers, and security teams

  • U.S. state and local governments: More than a dozen internet-facing MOVEit Automation instances identified by Daniel Card are linked to state and local agencies. Those agencies will need to confirm whether they run affected versions and schedule the full-installer upgrade that Progress recommends, accepting that the fix will cause an operational outage.
  • Enterprise customers and procurement leaders: Organizations using MOVEit Automation — part of a product family Progress says serves over 3,000 enterprises — must prioritize the version cutoff (versions before 2025.1.5, 2025.0.9, and 2024.1.8) and plan downtime for the full-installer upgrade to remediate the authentication bypass and the input-validation privilege escalation issue.
  • Security teams and operators: Because CVE-2026-4670 can be exploited without privileges and requires no user interaction, defenders should assume a higher urgency for patching. Progress has not reported confirmed exploitation in the wild, and the company’s advisory does not provide alternative mitigations beyond the full update path.
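The first concrete step for every group above is the same: find out which installed versions fall below the fixed releases the advisory names (2025.1.5, 2025.0.9 and 2024.1.8). The script below is an added example written for this article, not Progress Software's tooling. It compares each version against the fix for its release branch and puts internet-facing vulnerable hosts at the top of the upgrade list. The hostnames and versions in the sample inventory are constructed, and the treatment of branches older or newer than the three the advisory lists is an assumption, marked in the code.

```python
"""Version triage for the MOVEit Automation advisory (CVE-2026-4670, CVE-2026-5174).

Added example for this article, not Progress Software's own tooling.  The
fixed-release cutoffs come from the advisory; the inventory below is
constructed sample data (hostnames and versions are made up).
"""
from __future__ import annotations

from typing import NamedTuple

# Fixed releases per release branch, as stated in the Progress advisory:
# anything on these branches below the listed version is affected.
FIXED_BY_BRANCH: dict[tuple[int, int], tuple[int, int, int]] = {
    (2025, 1): (2025, 1, 5),
    (2025, 0): (2025, 0, 9),
    (2024, 1): (2024, 1, 8),
}
OLDEST_FIXED = min(FIXED_BY_BRANCH.values())  # (2024, 1, 8)


class Instance(NamedTuple):
    host: str
    version: str
    internet_facing: bool  # e.g. seen in an external scan like the Shodan search cited above


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch'; a 4th build component is ignored, missing parts are 0."""
    nums = [int(p) for p in text.strip().split(".")[:3]]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def assess(version_text: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    v = parse_version(version_text)
    branch = (v[0], v[1])
    if branch in FIXED_BY_BRANCH:
        return "vulnerable" if v < FIXED_BY_BRANCH[branch] else "patched"
    if v < OLDEST_FIXED:
        # Assumption: a branch older than every listed one (e.g. 2023.x) was
        # released before all fixed versions, so it is treated as affected.
        return "vulnerable"
    # Assumption: a branch newer than any the advisory names is outside the
    # stated affected range; confirm against the vendor bulletin before closing.
    return "unknown"


def triage(inventory: list[Instance]) -> dict[str, list[str]]:
    """Group hosts by status; internet-facing vulnerable hosts sort first."""
    buckets: dict[str, list[Instance]] = {"upgrade_now": [], "patched": [], "unknown": []}
    for inst in inventory:
        status = assess(inst.version)
        buckets["upgrade_now" if status == "vulnerable" else status].append(inst)
    ordered = sorted(buckets["upgrade_now"], key=lambda i: (not i.internet_facing, i.host))
    return {
        "upgrade_now": [i.host for i in ordered],
        "patched": sorted(i.host for i in buckets["patched"]),
        "unknown": sorted(i.host for i in buckets["unknown"]),
    }


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    Instance("mft-auto-01.example.gov", "2025.1.3", True),
    Instance("mft-auto-02.example.gov", "2025.1.5", True),
    Instance("mft-auto-03.example.gov", "2024.1.7", False),
    Instance("mft-auto-04.example.gov", "2025.0.9", False),
    Instance("mft-auto-05.example.gov", "2023.0.4", False),
    Instance("mft-auto-06.example.gov", "2026.0.1", False),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The comparison is branch-aware on purpose: 2024.1.8 is a fixed release even though it sorts below 2025.0.0, so a plain "is the version below 2025.1.5" test would wrongly flag patched 2024.1 and 2025.0 installs and could miss nothing but would create noise. Feed it the version strings from your CMDB or from the installed-programs list on each host, and treat the "unknown" bucket as a manual follow-up rather than as cleared.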

Progress’s advisory sets concrete next steps — perform the full-installer upgrade and accept an outage — but it leaves a key operational question open: how many of the more than 1,400 internet-exposed MOVEit Automation instances are still running vulnerable versions? Progress has not reported exploitation, and the public record accompanying the advisory does not answer that question.

Read the original Progress advisory and reporting here: https://www.bleepingcomputer.com/news/security/moveit-automation-customers-warned-to-patch-critical-auth-bypass-flaw/