Back

Critical MOVEit Vulnerabilities Expose Organizations to Data Breaches

Severity: High (Score: 74.0)

Sources: Cybersecuritynews, community.progress.com, Cybersecuritydive, Bleepingcomputer, www.emsisoft.com

Summary

Progress Software has issued urgent advisories regarding critical vulnerabilities in its MOVEit Automation platform, specifically CVE-2026-4670 and CVE-2026-5174. These vulnerabilities allow attackers to bypass authentication and escalate privileges, potentially leading to unauthorized access and data exposure. The flaws affect numerous organizations, including U.S. local and state government agencies, with over 1,400 MOVEit Automation instances exposed online. The vulnerabilities were disclosed on April 30, 2026, and require immediate patching to mitigate risks. This follows a significant data breach in 2023, where the Cl0p ransomware gang exploited a zero-day vulnerability in MOVEit, impacting over 2,100 organizations and 62 million individuals. The current situation emphasizes the ongoing risk associated with MOVEit software and the necessity for organizations to update their systems promptly to avoid similar incidents. Key Points: • Critical vulnerabilities in MOVEit Automation allow for authentication bypass and privilege escalation. • Over 1,400 instances of MOVEit Automation are exposed online, including those linked to government agencies. • Organizations are urged to upgrade immediately to mitigate risks associated with these vulnerabilities.

Key Entities

  • Data Breach (attack_type)
  • Phishing (attack_type)
  • Ransomware (attack_type)
  • Zero-day Exploit (attack_type)
  • Ta505 (apt_group)
  • Accellion (platform)
  • MOVEit Automation (platform)
  • SolarWinds Serv-U (platform)
  • Airbus (company)
  • Comreg (company)
  • GoAnywhere MFT (company)
  • National Student Clearinghouse (company)
  • Ofcom (company)
  • Canada (country)
  • Germany (country)
  • CVE-2023-34362 (cve)
  • CVE-2023-35036 (cve)
  • CVE-2023-35708 (cve)
  • CVE-2026-4670 (cve)
  • CVE-2026-5174 (cve)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-20 - Improper Input Validation (cwe)
  • CWE-269 - Improper Privilege Management (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • Financial (industry)
  • Government (industry)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Moveit (vulnerability)
  • Cl0p (ransomware_group)
  • Clop (ransomware_group)
  • Shodan (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed