CVE-2026-8487

Description

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-20 | Updated 2026-05-20 | Assigner ProgressSoftware

Problem types

CWE-276 Incorrect default permissions

Product status

Credits

Airbus SecLab finder

Anaïs Gantet finder

Delphine Gourdou finder

Quentin Liddell finder

Matteo Ricordeau finder

References

docs.progress.com/...-notes-2026/page/Fixed-Issues-2026.html vendor-advisory

cve.org (CVE-2026-8487)

nvd.nist.gov (CVE-2026-8487)

Download JSON