Zeljka Zorz, Editor-in-Chief, Help Net Security
May 4, 2026
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.”
The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an upgrade to a fixed version is “strongly” advised.
CVE-2026-4670 and CVE-2026-5174
Progress Software’s MOVEit Transfer, an enterprise managed file transfer (MFT) solution, was infamously targeted by the Cl0p cyber extortion outfit in 2023 via CVE-2023-34362, a SQL injection flaw that allowed for remote code execution.
MOVEit Transfer is the secure server used for storing and transferring files, while MOVEit Automation is the workflow/scheduling engine that automates those file transfers.
The newly patched CVE-2026-4670 and CVE-2026-5174 affect the service backend command port interface of MOVEit Automation versions 2025.1.4 (17.1.4) and earlier, 2025.0.8 (17.0.8) and earlier, and 2024.1.7 (16.1.7) and earlier.
CVE-2026-4670 is an authentication bypass vulnerability that can be exploited via low-complexity attacks by unauthenticated attackers. CVE-2026-5174, caused by improper input validation, may allow authenticated attackers to escalate their privileges. Chained together, the two vulnerabilities may allow remote attackers to gain administrative control of MOVEit Automation instances.
Such access would expose the credentials stored in MOVEit Automation tasks, the sensitive business data those tasks move (reports, payroll, financial files, etc.), and potentially the wider enterprise network.
Fortunately, neither the company nor the Airbus team has released technical details.
Update via installer
The two vulnerabilities have been fixed in MOVEit Automation versions 2025.1.5, 2025.0.9, and 2024.1.8.
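A practitioner's first job after an advisory like this is to find which instances are on an affected build and what to upgrade them to. The following is an added example (not code from Progress or from Help Net Security) that triages an inventory of MOVEit Automation versions against the three fixed releases above. It assumes version strings in the advisory's marketing scheme ("2025.1.4") or internal scheme ("17.1.4", where the advisory's parenthesised pairs give 17 = 2025 and 16 = 2024); the hostnames and versions in the sample inventory are constructed, and the choice of 2025.1.5 as the target for branches older than 2024.1 is an assumption (the newest fixed release named), not vendor guidance.

```python
"""Triage MOVEit Automation versions against the fixed releases for
CVE-2026-4670 / CVE-2026-5174 (added example; not vendor or article code)."""
from typing import Dict, Optional, Tuple

# First patched patch level per branch (year, minor), per the advisory.
FIXED_PATCH: Dict[Tuple[int, int], int] = {
    (2025, 1): 5,   # 2025.1.5 fixes 2025.1.4 (17.1.4) and earlier
    (2025, 0): 9,   # 2025.0.9 fixes 2025.0.8 (17.0.8) and earlier
    (2024, 1): 8,   # 2024.1.8 fixes 2024.1.7 (16.1.7) and earlier
}

# Internal major numbers mapped to marketing years (from the advisory's pairs).
INTERNAL_TO_YEAR = {17: 2025, 16: 2024}

# Assumption: where a branch has no fix of its own, move to the newest fixed release.
NEWEST_FIXED = "2025.1.5"


def parse_version(s: str) -> Tuple[int, int, int]:
    """Parse '2025.1.4' or '17.1.4' into (year, minor, patch)."""
    parts = s.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MOVEit Automation version: {s!r}")
    major, minor, patch = (int(p) for p in parts)
    return INTERNAL_TO_YEAR.get(major, major), minor, patch


def is_vulnerable(s: str) -> Optional[bool]:
    """True = affected, False = already patched, None = branch not covered."""
    year, minor, patch = parse_version(s)
    branch = (year, minor)
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    if branch < (2024, 1):
        # "2024.1.7 and earlier": older branches are affected and have no
        # patched release of their own.
        return True
    return None  # newer than the advisory describes; consult the vendor


def recommended_target(s: str) -> Optional[str]:
    """Fixed release to upgrade to, or None when no upgrade is needed or known."""
    vuln = is_vulnerable(s)
    if not vuln:
        return None
    year, minor, _ = parse_version(s)
    if (year, minor) in FIXED_PATCH:
        return f"{year}.{minor}.{FIXED_PATCH[(year, minor)]}"
    return NEWEST_FIXED  # unsupported branch (assumption, see above)


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map host -> (status, target); status is 'UPGRADE', 'OK' or 'UNKNOWN'."""
    result: Dict[str, Tuple[str, Optional[str]]] = {}
    for host, version in inventory.items():
        vuln = is_vulnerable(version)
        if vuln is None:
            result[host] = ("UNKNOWN", None)
        elif vuln:
            result[host] = ("UPGRADE", recommended_target(version))
        else:
            result[host] = ("OK", None)
    return result


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = {
        "mft-auto-01": "2025.1.4",
        "mft-auto-02": "17.0.8",
        "mft-auto-03": "2024.1.8",
        "mft-auto-04": "2024.0.3",
    }
    for host, (status, target) in triage(sample).items():
        print(f"{host:12} {sample[host]:>9}  {status:8} {target or ''}")
```

Feed it the version reported by each host (for example from the Automation server's installed-program metadata) and act on every UPGRADE row; an UNKNOWN row means the build is newer than the advisory covers and should be checked against the vendor's current release notes rather than assumed safe.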
“Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running,” the company noted in the security advisory.
Progress also noted that unexpected privilege escalation, unauthorized access, or anomalous activity observed in the audit logs may point to exploitation of CVE-2026-4670.