MOVEit Automation authentication bypass (CVE-2026-4670)

Vulnerability
Happening score
H score 23
2 unique sources, 2 articles

Summary

A critical authentication bypass in MOVEit Automation affects versions before 2025.1.5, 2025.0.9, and 2024.1.8, creating remote access risk for exposed file-transfer systems. Progress Software says the only remediation is to upgrade to a patched release using the full installer, and the upgrade causes a temporary system outage. The flaw is tracked as CVE-2026-4670 and can be exploited without privileges or user interaction.

Related Happenings

Linux distributions mitigation advisories for CVE-2026-31431

Advisory/Mitigation
First: 30.04.2026 12:24 Last: 30.04.2026 12:24 Sources 1

About this happening: Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...

CISA orders FCEB remediation for CVE-2025-60710

Public Sector Action
First: 15.04.2026 17:51 Last: 15.04.2026 17:51 Sources 1

About this happening: CISA added **CVE-2025-60710** to its **actively exploited** catalog and gave **FCEB agencies** **two weeks** to secure systems under **BOD 22-01**. The move targets a **Windows Ta...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

MongoDB Server CVE-2025-14847 mitigation advisory

Advisory/Mitigation
First: 24.12.2025 16:18 Last: 24.12.2025 16:18 Sources 1

About this happening: MongoDB issued an **immediate mitigation advisory** for **CVE-2025-14847**, warning that **MongoDB Server** deployments face a **high-severity memory-read flaw** that **unauthenti...

Howyar Reloader UEFI application Secure Boot bypass flaw (CVE-2024-7344)

Vulnerability
First: 12.09.2025 14:50 Last: 12.09.2025 14:50 Sources 1

About this happening: **HybridPetya** is a newly disclosed **ransomware/bootkit** strain that exploits **CVE-2024-7344** in the **Howyar Reloader UEFI application** to bypass **UEFI Secure Boot** on **...

Timeline

  1. 04.05.2026 15:18 3 articles · 23d ago

    Progress warns MOVEit Automation customers to patch CVE-2026-4670

    Mitigation Patch Update

    Progress Software warns customers to patch a critical authentication bypass in MOVEit Automation, tracked as CVE-2026-4670 and affecting versions before 2025.1.5, 2025.0.9, and 2024.1.8; the company says upgrading to a patched release with the full installer is the only way to remediate the issue, and the upgrade causes a system outage while it runs.
