New MOVEit vulnerabilities prompt urgent patch warning - Cybersecurity Dive
Progress Software warned customers to immediately upgrade the file-transfer tool to fix the serious flaws.
Published May 4, 2026
Eric Geller
Senior Reporter
Hackers could exploit vulnerabilities in Progress Software’s MOVEit Automation tool to improperly access businesses’ data, the software maker said in a recent advisory.
Exploitation of the two flaws — an authentication-bypass vulnerability tracked as CVE-2026-4670 and a privilege-escalation vulnerability tracked as CVE-2026-5174 — could “lead to unauthorized access, administrative control, and data exposure,” according to Progress Software’s advisory.
The newly patched flaws represent serious security weaknesses in a widely used managed-file-transfer program that helps organizations transfer data between self-hosted servers, cloud platforms and third-party vendors.
Progress Software urged customers to upgrade to the latest version of the software, which fixes both vulnerabilities.
CVE-2026-4670 is considered a critical vulnerability, while CVE-2026-5174 carries a high severity score.
“Upgrading to a patched release, using the full installer, is the only way to remediate this issue,” Progress Software said, warning that the file-transfer software will need to shut down for the upgrade.
More than 1,440 internet-connected devices are running vulnerable versions of MOVEit Automation, including 16 associated with state and local government agencies, according to the Shodan internet-scanning tool.
MOVEit has been the source of major anxiety for cybersecurity experts and business leaders in the past. In 2023, a zero-day vulnerability in the software fueled a massive hacking spree that included serious ransomware attacks by the Cl0p cybercrime gang.
Filed Under: Vulnerability