Default Permissions Flaw in MOVEit Automation by Progress Software
CVE-2026-8487

6.5MEDIUM

Key Information:

Vendor: Progress Software
Status: Moveit Automation
Vendor: CVE Published:; 20 May 2026

🔔 Create Progress Software Vulnerability Alert

What is CVE-2026-8487?

An incorrect default permissions vulnerability exists in Progress Software MOVEit Automation, allowing unauthorized retrieval of embedded sensitive data. This flaw affects specific versions prior to 2025.0.11 and a range from 2025.1.0 until before 2025.1.7, potentially exposing sensitive information to unauthorized users. It is essential for users of affected versions to implement the necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

MOVEit Automation 0 < 2025.0.11

MOVEit Automation 2025.1.0 < 2025.1.7

References

https://docs.progress.com/bundle/moveit-automation-releas...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
May 13, 2026

Credit

Airbus SecLab

Anaïs Gantet

Delphine Gourdou

Quentin Liddell

Matteo Ricordeau

CVE-2026-8487 Data

JSON