Home

Description

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

PUBLISHED Reserved 2026-03-23 | Published 2026-04-30 | Updated 2026-05-01 | Assigner ProgressSoftware




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-305 Authentication bypass by primary weakness

Product status

Default status
unaffected

2025.0.0 (semver) before 2025.0.9
affected

2024.0.0 (semver) before 2024.1.8
affected

Any version before 2024.0.0
affected

Credits

Airbus SecLab finder

Anaïs Gantet finder

Delphine Gourdou finder

Quentin Liddell finder

Matteo Ricordeau finder

References

community.progress.com/...l-2026-CVE-2026-4670-CVE-2026-5174 vendor-advisory

cve.org (CVE-2026-4670)

nvd.nist.gov (CVE-2026-4670)

Download JSON