Authentication Bypass Vulnerability in MOVEit Automation by Progress Software
CVE-2026-4670

9.8CRITICAL

Key Information:

Vendor: Progress Software
Status: Moveit Automation
Vendor: CVE Published:; 30 April 2026

🔔 Create Progress Software Vulnerability Alert

What is CVE-2026-4670?

An authentication bypass vulnerability in MOVEit Automation enables unauthorized access, potentially exposing sensitive data and compromising system integrity. This issue arises due to weaknesses inherent in the authentication process, allowing attackers to bypass intended security measures in specific versions of the software. Prompt updates to the affected versions are essential to mitigate risks and secure the system against unauthorized access.

Affected Version(s)

MOVEit Automation 2025.0.0 < 2025.0.9

MOVEit Automation 2024.0.0 < 2024.1.8

MOVEit Automation 0 < 2024.0.0

References

https://community.progress.com/s/article/MOVEit-Automatio...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Airbus SecLab

Anaïs Gantet

Delphine Gourdou

Quentin Liddell

Matteo Ricordeau

CVE-2026-4670 Data

JSON