Home

Description

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1.

PUBLISHED Reserved 2026-06-02 | Published 2026-07-08 | Updated 2026-07-09 | Assigner ProgressSoftware




HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-943 Improper Neutralization of Special Elements in Data Query Logic

Product status

Default status
unaffected

2025.0.0 (semver) before 2025.0.8
affected

2025.1.0 (semver) before 2025.1.4
affected

2026.0.0 (semver) before 2026.0.1
affected

Credits

Mateusz Mieczkowski finder

References

community.progress.com/...itical-Security-Bulletin-June-2026 vendor-advisory

cve.org (CVE-2026-10698)

nvd.nist.gov (CVE-2026-10698)

Download JSON