Progress warns of critical MOVEit Automation auth bypass flaw
Source: Bleeping Computer

Summary
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise‑grade managed file transfer (MFT) application.
MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a central automation orchestrator to schedule and manage file transfers between different systems, including local servers, cloud storage, and external partners.
Vulnerability Details
The flaw is tracked as CVE‑2026‑4670 and affects MOVEit Automation versions prior to:
- 2025.1.5
- 2025.0.9
- 2024.1.8
Remote threat actors can exploit it without privileges on the targeted systems in low‑complexity attacks that do not require user interaction.
“We have addressed the vulnerability and the Progress MOVEit Automation team strongly recommends performing an upgrade to the latest version,” the company says in a Thursday advisory. “Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running.”
— Progress advisory
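A version triage check for the fixed releases listed above, added here as an example and not taken from Progress or the original article. It assumes each listed version is the fixed build for its own release branch (so 2025.0.9 is patched even though it sorts below 2025.1.5); the host names and installed versions are constructed sample data.

```python
# Fixed builds per release branch, taken from the article's list.
# Assumption: each entry is the first patched build of its (year, minor) branch.
FIXED = {(2025, 1): 5, (2025, 0): 9, (2024, 1): 8}


def parse_version(text):
    """Parse 'YYYY.N.P' into ints; extra trailing components are ignored."""
    parts = text.strip().split(".")
    if len(parts) < 3:
        raise ValueError(f"expected YYYY.N.P, got {text!r}")
    return tuple(int(p) for p in parts[:3])


def triage(version):
    """Classify one installed MOVEit Automation version against CVE-2026-4670."""
    year, minor, patch = parse_version(version)
    branch = (year, minor)
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    if branch < min(FIXED):
        # Older than every branch with a listed fix: affected, and the
        # article names no fixed build inside this branch.
        return "vulnerable-no-listed-fix"
    if branch > max(FIXED):
        # Newer branch than the article covers; confirm against the advisory.
        return "newer-branch-verify"
    return "unknown-branch"


def triage_inventory(inventory):
    """Map host -> status; unparseable version strings are flagged, not dropped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = triage(version)
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"mft-01": "2025.1.4", "mft-02": "2025.0.9",
              "mft-03": "2024.0.3", "mft-04": "n/a"}
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {status}")
```

Anything reported as other than "patched" needs follow-up; per the advisory quoted above, remediation means upgrading with the full installer.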
Additional Security Update
On the same day, Progress released updates for a high‑severity privilege‑escalation vulnerability, CVE‑2026‑5174, which stems from improper input validation in the same software.
Exposure Landscape
A Shodan search shared by cybersecurity consultant Daniel Card identified:
- Over 1,400 MOVEit Automation instances exposed online
- More than a dozen linked to U.S. local and state government agencies

There is currently no public information on how many of these systems have been secured against CVE‑2026‑4670.
Historical Context
While this specific issue has not yet been reported as exploited in the wild, other MOVEit MFT vulnerabilities have been actively targeted:
- The Clop ransomware gang leveraged a zero‑day in the MOVEit Transfer platform in 2023, affecting more than 2,100 organizations and over 62 million individuals (BleepingComputer; Emsisoft).
- Similar attacks have targeted flaws in Accellion FTA, SolarWinds Serv‑U, Gladinet CentreStack, GoAnywhere MFT, and Cleo.
Adoption
Progress Software states that its MOVEit MFT solutions are used by more than 3,000 enterprise organizations and over 100,000 users worldwide.