Skip to main content

MOVEit Automation CVE-2026-4670

| EUVDEUVD-2026-26389 CRITICAL
Authentication Bypass by Primary Weakness (CWE-305)
2026-04-30 ProgressSoftware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Patch released
May 04, 2026 - 18:20 nvd
Patch available
Patch available
Apr 30, 2026 - 17:02 EUVD
Analysis Generated
Apr 30, 2026 - 16:15 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 15:45 euvd
EUVD-2026-26389
Analysis Generated
Apr 30, 2026 - 15:45 vuln.today
CVE Published
Apr 30, 2026 - 15:06 nvd
CRITICAL 9.8

DescriptionCVE.org

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.

This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

AnalysisAI

Authentication bypass in Progress MOVEit Automation allows remote unauthenticated attackers to completely circumvent authentication controls and gain unauthorized access with high impact to confidentiality, integrity, and availability. Affects all versions before 2025.0.9, all 2024.x versions before 2024.1.8, and all versions prior to 2024.0.0. Progress Software has released patches for all supported versions. CVSS 9.8 critical severity with network-accessible, low-complexity exploitation requiring no privileges or user interaction. No public exploit or active exploitation confirmed at time of analysis, though the authentication bypass nature and MOVEit's history as a high-value target make this a priority remediation candidate.

Technical ContextAI

This vulnerability stems from CWE-305 (Authentication Bypass by Primary Weakness), indicating a fundamental flaw in the authentication mechanism itself rather than a secondary bypass technique. MOVEit Automation is an enterprise managed file transfer (MFT) solution that handles sensitive data transfers and workflow automation across organizations. Authentication bypass vulnerabilities in MFT platforms are particularly severe because these systems typically store and process confidential business documents, personally identifiable information, and regulated data. The affected CPE (cpe:2.3:a:progress_software:moveit_automation) indicates this is a product-level vulnerability affecting the core MOVEit Automation application across multiple version branches. The CWE-305 classification suggests the authentication system's primary validation logic can be circumvented, potentially through credential handling flaws, session management issues, or logic errors in the authentication workflow that allow attackers to gain authenticated access without valid credentials.

RemediationAI

Immediately upgrade to patched versions: MOVEit Automation 2025.0.9 for the 2025.x branch, or MOVEit Automation 2024.1.8 for the 2024.x branch. Organizations running versions prior to 2024.0.0 should consult the Progress Software advisory at https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174 for specific upgrade paths, as these legacy versions may require multi-step upgrades or extended support contracts. If immediate patching is not feasible, implement network-level compensating controls by restricting MOVEit Automation access to trusted IP ranges through firewall rules or VPN requirements, though this significantly reduces the platform's usability for external file transfer workflows and does not protect against internal threats. Disable any unused authentication methods or API endpoints if supported by the platform configuration. Monitor authentication logs for anomalous successful logins, failed authentication attempts followed by immediate success, or access from unexpected geographic locations or IP addresses, though sophisticated exploitation may not generate obvious log signatures. These compensating controls are temporary measures only-the authentication bypass nature means determined attackers can achieve full access, making patching the only reliable mitigation.

Share

CVE-2026-4670 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy