Progress Software security patch release for CVE-2026-4670
Security Patch Release
Summary
Progress Software has released MOVEit Automation updates to fix CVE-2026-4670 and CVE-2026-5174, including a critical authentication bypass that could expose enterprise file-transfer systems. The flaws affect MOVEit Automation <= 2025.1.4, <= 2025.0.8, and <= 2024.1.7, with fixed builds now available. Progress says the bugs could enable unauthorized access, administrative control, and data exposure through the service backend command port interfaces. There are no workarounds, so affected users need to install the patched releases quickly.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
First: 30.04.2026 16:54
Last: 30.04.2026 16:54
Sources 1
About this happening:
**Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
PackageKit 1.3.5 security update (CVE-2026-41651)
Security Patch Release
First: 24.04.2026 20:28
Last: 24.04.2026 20:28
Sources 1
About this happening:
**PackageKit version 1.3.5** was released to fix **CVE-2026-41651**, closing a **local privilege-escalation** path that could let Linux users gain **root permissions**. The update...
Timeline
04.05.2026 19:34 2 articles · 23d ago
Progress Software patches MOVEit Automation authentication bypass
Mitigation Patch Update
Progress Software released updates for MOVEit Automation to fix CVE-2026-4670 and CVE-2026-5174, including a critical authentication bypass and an improper input validation flaw that could enable privilege escalation. Progress said exploitation could lead to unauthorized access, administrative control, and data exposure through the service backend command port interfaces, and that no workaround resolves the issues. The affected releases were MOVEit Automation <= 2025.1.4, <= 2025.0.8, and <= 2024.1.7, with fixed builds 2025.1.5, 2025.0.9, and 2024.1.8 available. Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau were credited with discovering and reporting the two vulnerabilities.
Sources
- Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass — thehackernews.com — 04.05.2026 19:34