Back

Critical MOVEit Automation Vulnerabilities Discovered

Severity: High (Score: 76.0)

Sources: Bleepingcomputer, www.emsisoft.com, Cybersecuritynews, community.progress.com

Summary

Progress Software has issued a critical advisory regarding an authentication bypass vulnerability in its MOVEit Automation platform, tracked as CVE-2026-4670. This flaw affects versions prior to 2025.1.5, 2025.0.9, and 2024.1.8, allowing remote attackers to exploit the vulnerability without requiring user interaction. Additionally, a high-severity privilege escalation vulnerability, CVE-2026-5174, was also disclosed. Over 1,400 MOVEit Automation instances are exposed online, with many linked to U.S. government agencies. Progress Software recommends upgrading to the latest version to remediate the vulnerabilities, which will require system downtime. The vulnerabilities have not yet been reported as actively exploited in the wild, but previous MOVEit vulnerabilities have been targeted by ransomware groups. The MOVEit MFT solutions are used by over 3,000 organizations globally, making them a significant target for cyber threats. Key Points: • CVE-2026-4670 allows remote authentication bypass in MOVEit Automation. • Over 1,400 MOVEit instances are exposed online, including U.S. government systems. • Progress Software recommends immediate upgrades to mitigate the vulnerabilities.

Key Entities

  • Data Breach (attack_type)
  • Phishing (attack_type)
  • Ransomware (attack_type)
  • Zero-day Exploit (attack_type)
  • Ta505 (apt_group)
  • Accellion (platform)
  • MOVEit Automation (platform)
  • SolarWinds Serv-U (platform)
  • Comreg (company)
  • GoAnywhere MFT (company)
  • National Student Clearinghouse (company)
  • Ofcom (company)
  • PBI Research Services (company)
  • Canada (country)
  • Germany (country)
  • CVE-2023-34362 (cve)
  • CVE-2023-35036 (cve)
  • CVE-2023-35708 (cve)
  • CVE-2026-4670 (cve)
  • CVE-2026-5174 (cve)
  • CWE-20 - Improper Input Validation (cwe)
  • CWE-269 - Improper Privilege Management (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • Financial (industry)
  • Government (industry)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Moveit (vulnerability)
  • Cl0p (ransomware_group)
  • Clop (ransomware_group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed