Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
AI-powered Forg365 Phishing Platform Targets Microsoft 365 Accounts
July 11, 2026
Dell BIOS Critical Flaw Exposes Admin Passwords From SPI Flash
July 11, 2026
CISA Report Details Lessons Learned From AWS GovCloud Credential Leak
July 11, 2026
Home/CyberSecurity News/Critical MOVEit Vulnerabilities Let Attackers Bypass Authentication
CyberSecurity News

Critical MOVEit Vulnerabilities Let Attackers Bypass Authentication

Key Takeaways Progress Software has disclosed critical vulnerabilities in its MOVEit Automation platform, including an authentication bypass. These flaws, identified as CVE-2026-4670 and...

Sarah simpson
Sarah simpson
May 4, 2026 3 Min Read
52 0

Key Takeaways

  • Progress Software has disclosed critical vulnerabilities in its MOVEit Automation platform, including an authentication bypass.
  • These flaws, identified as CVE-2026-4670 and CVE-2026-5174, allow unauthenticated attackers to gain administrative control and access sensitive data.
  • All versions of MOVEit Automation 2025.1.4 and earlier, 2025.0.8 and earlier, and 2024.1.7 and earlier are affected.
  • Immediate patching to specific secure versions (2025.1.5, 2025.0.9, 2024.1.8) is required to mitigate the risk.

Progress Software has issued an urgent security bulletin regarding its MOVEit Automation platform, detailing critical vulnerabilities that could allow unauthorized individuals to bypass authentication mechanisms and gain full control over affected systems. This advisory, released in April 2026, necessitates immediate action from all organizations utilizing the secure file transfer solution.

Table Of Content

  • Key Takeaways
  • Critical Authentication Bypass and Privilege Escalation
  • What You Should Do

The disclosed flaws are severe, potentially enabling threat actors to circumvent security protocols and achieve complete system compromise. Given MOVEit Automation’s widespread use in managing and automating critical file transfers for enterprises, these vulnerabilities present a high-stakes target for cybercriminals.

Organizations must prioritize applying the latest security patches without delay to prevent potential data breaches and unauthorized access to sensitive information.

Critical Authentication Bypass and Privilege Escalation

The core of the recent alert involves two distinct vulnerabilities, collectively discovered and reported by a research team from Airbus SecLab, including Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau. These flaws can be exploited by malicious actors directly through the service backend command port interfaces.

Successful exploitation of these vulnerabilities allows attackers to bypass login screens entirely, exfiltrate sensitive files, and achieve full administrative control over the compromised server. Security teams are advised to proactively search their audit logs for any indicators of compromise, such as unexpected privilege changes or anomalous backend activity.

The technical details of the vulnerabilities are as follows:

  • CVE-2026-4670: This critical weakness facilitates an authentication bypass, granting unauthenticated external users access to the system without requiring valid credentials.
  • CVE-2026-5174: An improper input validation vulnerability that leads to privilege escalation, enabling attackers to elevate their standard access to administrative rights.

These security deficiencies affect multiple generations of the MOVEit Automation software. Progress Software recommends that system administrators verify their current installation by navigating to the “About” section under the “Help” menu within the Web Admin dashboard.

The following software builds are confirmed to be vulnerable:

  • MOVEit Automation 2025.1.4 and all previous versions.
  • MOVEit Automation 2025.0.8 and all previous versions.
  • MOVEit Automation 2024.1.7 and all prior versions.

Progress Software has released patches to address both vulnerabilities in its latest software updates. The only recommended method to close these security gaps is to apply these official updates using the full installer.

IT teams should anticipate a brief system outage during the installation process. Administrators are required to update their systems to the following secure versions:

  • For the 2025.1 track, upgrade to MOVEit Automation 2025.1.5.
  • For the 2025.0 track, upgrade to MOVEit Automation 2025.0.9.
  • For the 2024.1 track, upgrade to MOVEit Automation 2024.1.8.

Customers with an active maintenance agreement can access the necessary upgrade files directly via the Progress Community portal. Organizations operating on older, unsupported versions must migrate to a modern, supported lifecycle release to ensure their file transfer environments are protected against these significant threats.

What You Should Do

  • Immediately identify if your organization is running any vulnerable versions of MOVEit Automation.
  • Plan and execute an upgrade to the specified secure versions (2025.1.5, 2025.0.9, 2024.1.8) using the full installer.
  • Monitor audit logs for any suspicious activity, unexpected privilege changes, or anomalous backend access.
  • Ensure your maintenance agreement is active to facilitate access to critical updates and support.
  • If running unsupported versions, prioritize migrating to a current, supported release of MOVEit Automation.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachCVEExploitPatchSecurityThreatVulnerability

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

CISA Warns of Critical cPanel & WHM RCE Vulnerability CVE-2021-35941 Exploited in Attacks

Next Post

Critical Apache MINA Flaws Allow Remote Code Execution

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical OpenClaw Vulnerability Lets Attackers Hijack WhatsApp Via One Message
July 11, 2026
Progress Urges ShareFile Server Shutdown Over Critical Vulnerability
July 11, 2026
Critical Citrix Bleed Vulnerability Exploited for Ransomware Attacks
July 11, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us