Progress Software security patch release for CVE-2026-4670
Security Patch Release
Summary
Hide ▲
Show ▼
Progress Software has released MOVEit Automation updates to fix CVE-2026-4670 and CVE-2026-5174, including a critical authentication bypass that could expose enterprise file-transfer systems. The flaws affect MOVEit Automation <= 2025.1.4, <= 2025.0.8, and <= 2024.1.7, with fixed builds now available. Progress says the bugs could enable unauthorized access, administrative control, and data exposure through the service backend command port interfaces. There are no workarounds, so affected users need to install the patched releases quickly.
Related Happenings
Progress LoadMaster CVE-2026-8037 patch release
Security Patch Release
H score52
First: 30.06.2026 10:38
Last: 30.06.2026 10:38
Sources 1
About this happening:
**Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...
Progress LoadMaster CVE-2026-8037 patch release
Security Patch ReleaseAbout this happening: **Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...
Veeam security patch release for CVE-2026-44963
Security Patch Release
H score79
First: 09.06.2026 17:27
Last: 09.06.2026 17:27
Sources 1
About this happening:
**Veeam** released security updates for **Veeam Backup & Replication** to fix **CVE-2026-44963**, a critical flaw that could enable **remote code execution** on **domain-joined ba...
Veeam security patch release for CVE-2026-44963
Security Patch ReleaseAbout this happening: **Veeam** released security updates for **Veeam Backup & Replication** to fix **CVE-2026-44963**, a critical flaw that could enable **remote code execution** on **domain-joined ba...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
H score25
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
H score21
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch ReleaseAbout this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
H score32
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch ReleaseAbout this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Timeline
-
04.05.2026 19:34 2 articles · 2mo ago
Progress Software patches MOVEit Automation authentication bypass
Mitigation Patch UpdateProgress Software released updates for MOVEit Automation to fix CVE-2026-4670 and CVE-2026-5174, including a critical authentication bypass and an improper input validation flaw that could enable privilege escalation. Progress said exploitation could lead to unauthorized access, administrative control, and data exposure through the service backend command port interfaces, and that no workaround resolves the issues. The affected releases were MOVEit Automation <= 2025.1.4, <= 2025.0.8, and <= 2024.1.7, with fixed builds 2025.1.5, 2025.0.9, and 2024.1.8 available. Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau were credited with discovering and reporting the two vulnerabilities.
Show sources
- Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass — thehackernews.com — 04.05.2026 19:34
- Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass — thehackernews.com — 04.05.2026 19:34