CVE-2026-5174 | THREATINT

Description

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

PUBLISHED Reserved 2026-03-30 | Published 2026-04-30 | Updated 2026-05-01 | Assigner ProgressSoftware

HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Problem types

CWE-20 Improper input validation

Product status

Default status

unaffected

2025.1.0 (semver) before 2025.1.5

affected

2025.0.0 (semver) before 2025.0.9

affected

2024.0.0 (semver) before 2024.1.8

affected

Any version before 2024.0.0

affected

Credits

Airbus SecLab finder

Anaïs Gantet finder

Delphine Gourdou finder

Quentin Liddell finder

Matteo Ricordeau finder

References

community.progress.com/...l-2026-CVE-2026-4670-CVE-2026-5174 vendor-advisory

cve.org (CVE-2026-5174)

nvd.nist.gov (CVE-2026-5174)

Download JSON