Skip to content
Tech News
← Back to articles

Progress warns of critical MOVEit Automation auth bypass flaw

2026-05-04 | original
read original get MOVEit Automation Security Patch → more articles
Why This Matters

Progress Software has issued a critical security warning for its MOVEit Automation platform, revealing a vulnerability (CVE-2026-4670) that allows remote attackers to bypass authentication and potentially compromise systems. The company urges users to upgrade to the latest version to mitigate risks, as many instances remain exposed online, including those linked to government agencies. This highlights the ongoing importance of timely patching and vigilance in enterprise software security.

Key Takeaways

Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application.

MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a central automation orchestrator to schedule and manage file transfers between different systems, including local servers, cloud storage, and external partners.

Tracked as CVE-2026-4670, the security flaw affects MOVEit Automation versions before 2025.1.5, 2025.0.9, and 2024.1.8. Remote threat actors can exploit it without privileges on the targeted systems in low-complexity attacks that don't require user interaction.

"We have addressed the vulnerability and the Progress MOVEit Automation team strongly recommends performing an upgrade to the latest version," the company says in a Thursday advisory. "Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running."

The same day, Progress also released security updates to address a high-severity privilege escalation vulnerability (CVE-2026-5174) stemming from an improper input validation weakness in the same software.

According to a Shodan search shared by PwnDefend cybersecurity consultant Daniel Card, over 1,400 MOVEit Automation instances are exposed online, and over a dozen are linked to U.S. local and state government agencies.

However, there is no information regarding how many of these systems have already been secured against CVE-2026-4670 attacks.

Map of MOVEit Automation instances exposed online (Shodan)

While the company has yet to flag these security issues as exploited in the wild, other MoveIT MFT vulnerabilities have been targeted in attacks in recent years.

For instance, the Clop ransomware gang exploited a zero-day in the MOVEit Transfer secure file transfer platform in an extensive series of data theft attacks in 2023 that affected more than 2,100 organizations and over 62 million individuals, according to Emsisoft estimates.

... continue reading

Explore topics: progress software moveit automation cve-2026-4670 file transfer cybersecurity
Related:
Instructure confirms data breach, ShinyHunters claims attack
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
The White House Suddenly Seems Pretty Terrified of Anthropic
Credit Cards Are Vulnerable to Brute Force Kind Attacks
Credit cards are vulnerable to brute force kind attacks

© 2026 GoKawiil

About | Editorial Policy | Contact