
Critical Authentication Bypass in Progress MOVEit Automation RCE Vectors Exposed

1 unique source, 1 article

Summary


A critical authentication bypass vulnerability (CVE-2026-4670) in Progress MOVEit Automation allows remote, unauthenticated attackers to bypass authentication mechanisms and execute arbitrary actions on vulnerable systems. The flaw impacts versions prior to 2025.1.5, 2025.0.9, and 2024.1.8, enabling low-complexity attacks without privileges or user interaction. Exploitation can lead to full system compromise, data exfiltration, or lateral movement within affected environments. MOVEit Automation functions as an enterprise-grade managed file transfer (MFT) orchestrator, automating complex data workflows across local servers, cloud storage, and external partners. The vendor has released patched versions and recommends upgrading immediately using the full installer, noting that the upgrade process involves system outages.

Timeline

  1. 04.05.2026 15:18 · 1 article

    Critical MOVEit Automation authentication bypass (CVE-2026-4670) disclosed and patched

    Progress Software disclosed and patched CVE-2026-4670, a critical authentication bypass vulnerability in MOVEit Automation. The flaw allows remote, unauthenticated attackers to bypass authentication mechanisms and execute arbitrary actions without privileges or user interaction. Upgrades to patched versions (2025.1.5+, 2025.0.9+, 2024.1.8+) via full installer are required, with system outages expected during the process. A high-severity privilege escalation vulnerability (CVE-2026-5174) was also addressed in the same updates. Over 1,400 exposed instances were identified, including multiple U.S. government-linked systems.


Information Snippets

  • CVE-2026-4670 is a critical authentication bypass in Progress MOVEit Automation affecting versions before 2025.1.5, 2025.0.9, and 2024.1.8.

    First reported: 04.05.2026 15:18
    1 source, 1 article
  • The vulnerability enables remote, unauthenticated attackers to bypass authentication without privileges in low-complexity attacks that require no user interaction.

    First reported: 04.05.2026 15:18
    1 source, 1 article
  • Exploitation of CVE-2026-4670 could result in full system compromise, unauthorized data access, or lateral movement within affected MOVEit Automation deployments.

    First reported: 04.05.2026 15:18
    1 source, 1 article
  • Progress Software recommends upgrading to patched versions using the full installer, which requires system outages during the upgrade process.

    First reported: 04.05.2026 15:18
    1 source, 1 article
  • A separate high-severity privilege escalation vulnerability (CVE-2026-5174) due to improper input validation was also addressed in the same security updates.

    First reported: 04.05.2026 15:18
    1 source, 1 article
  • Shodan scans indicate over 1,400 exposed MOVEit Automation instances, including more than a dozen linked to U.S. local and state government agencies.

    First reported: 04.05.2026 15:18
    1 source, 1 article
  • Progress MOVEit MFT solutions are used by over 3,000 enterprise organizations and 100,000 users globally.

    First reported: 04.05.2026 15:18
    1 source, 1 article