Progress Software has recently updated its MOVEit Automation platform to address two significant security vulnerabilities. MOVEit Automation serves as a secure, server-based managed file transfer solution, facilitating automated file workflows in enterprise environments. The first vulnerability, identified as CVE-2026-4670, is particularly severe with a CVSS score of 9.8. It allows an authentication bypass, posing a substantial risk to users. The second flaw, CVE-2026-5174, has a CVSS score of 7.7 and involves improper input validation that could lead to privilege escalation.
These vulnerabilities were discovered and reported by Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau. Progress Software has confirmed that these flaws may allow unauthorized access and potentially lead to administrative control and data exposure through the service backend command port interfaces. Although there are no known exploits in the wild, the absence of workarounds means that applying the provided patches is crucial.
Given the history of MOVEit Transfer vulnerabilities being exploited by ransomware groups such as Cl0p, this update is critical. Enterprises using affected versions must prioritize deploying these patches to safeguard their systems from potential threats. The urgency of this update cannot be overstated, as neglecting it could lead to significant security breaches and data compromise.


