Home

Description

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

PUBLISHED Reserved 2026-05-15 | Published 2026-07-08 | Updated 2026-07-09 | Assigner ProgressSoftware




MEDIUM: 6.4CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-943 Improper Neutralization of Special Elements in Data Query Logic

Product status

Default status
unaffected

2025.1.0 (semver) before 2025.1.3
affected

Any version before 2025.0.7
affected

Credits

Niv Levy finder

References

docs.progress.com/...tes-2026/page/Fixed-Issues-in-2026.html

cve.org (CVE-2026-8649)

nvd.nist.gov (CVE-2026-8649)

Download JSON