What is the CVSS score of CVE-2026-4670?

CVE-2026-4670 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of MOVEit Automation are affected by CVE-2026-4670?

Progress MOVEit Automation contains a critical authentication bypass vulnerability (CVSS 9.8) that allows unauthenticated remote attackers to completely circumvent access controls and gain full…. A patch is available.

MOVEit Automation CVE-2026-4670

EUVD-2026-26389 CRITICAL

Authentication Bypass by Primary Weakness (CWE-305)

2026-04-30 ProgressSoftware

Authentication Bypass

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

May 04, 2026 - 18:20 nvd

Patch available

Apr 30, 2026 - 17:02 EUVD

Analysis Generated

Apr 30, 2026 - 16:15 vuln.today

EUVD ID Assigned

Apr 30, 2026 - 15:45 euvd

EUVD-2026-26389

Analysis Generated

Apr 30, 2026 - 15:45 vuln.today

CVE Published

Apr 30, 2026 - 15:06 nvd

CRITICAL 9.8

DescriptionNVD

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.

This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

AnalysisAI

Authentication bypass in Progress MOVEit Automation allows remote unauthenticated attackers to completely circumvent authentication controls and gain unauthorized access with high impact to confidentiality, integrity, and availability. Affects all versions before 2025.0.9, all 2024.x versions before 2024.1.8, and all versions prior to 2024.0.0. …

RemediationAI

Within 24 hours: Identify all MOVEit Automation instances in your environment and document current versions. Within 7 days: Apply vendor-released patches immediately-upgrade to 2025.0.9 or later for 2025.x deployments, 2024.1.8 or later for 2024.x deployments, or 2024.0.0 and above for older versions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4670 vulnerability details – vuln.today

Back

MOVEit Automation CVE-2026-4670

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code