Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Espionage

June 25, 2026

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
Facebook X (Twitter) Instagram
Thursday, June 25
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
News

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Team-CWDBy Team-CWDMay 12, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.

MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. 

The vulnerabilities in question are CVE-2026-4670 (CVSS score: 9.8), an authentication bypass vulnerability, and CVE-2026-5174 (CVSS score: 7.7), an improper input validation vulnerability that could allow privilege escalation.

“Critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces,” Progress Software said in an advisory. “Exploitation may lead to unauthorized access, administrative control, and data exposure.”

The shortcomings affect the following versions –

  • MOVEit Automation <= 2025.1.4 (Fixed in MOVEit Automation 2025.1.5)
  • MOVEit Automation <= 2025.0.8 (Fixed in MOVEit Automation 2025.0.9)
  • MOVEit Automation <= 2024.1.7 (Fixed in MOVEit Automation 2024.1.8)

Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau have been credited with discovering and reporting the two vulnerabilities. There are no workarounds that resolve the issues.

While Progress makes no mention of the flaws being exploited in the wild, it’s essential that users apply the fixes as soon as possible for optimal protection, particularly given that prior flaws in MOVEit Transfer have been exploited by ransomware gangs like Cl0p.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleSouth Staffordshire Water Fined £1m After Data Breach
Next Article Apple Rolls Out E2EE for RCS Across iPhone and Android
Team-CWD
  • Website

Related Posts

News

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026
News

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

June 24, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Don’t let “back to school” become “back to bullying”

September 11, 2025

Is it OK to let your children post selfies online?

February 17, 2026

Your information is on the dark web. What happens next?

January 13, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.