Critical MOVEit Vulnerabilities Enable Authentication Bypass

Sarah simpson
May 4, 2026

Progress Software has issued a critical security bulletin for its MOVEit Automation platform. The advisory details severe vulnerabilities, including an authentication bypass flaw, that could expose organizations to unauthorized access. Immediate action is required to apply the necessary updates.

This April 2026 alert warns of two highly severe vulnerabilities that could allow attackers to bypass security checkpoints and gain full system control.

MOVEit Automation is widely used by enterprises to manage and automate secure file transfers, making it a high-value target for cybercriminals.

Organizations using this software must apply the latest patches immediately to prevent unauthorized data access and potential breaches.

MOVEit Authentication Bypass Flaw

The critical alert focuses on two distinct flaws discovered and reported by a team of researchers at Airbus SecLab, including Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau.

Threat actors can exploit these vulnerabilities directly through the service backend command port interfaces.

If an attacker successfully exploits these flaws, they can bypass login screens, steal sensitive files, and gain complete administrative control of the server.

Security teams should actively hunt for threats by checking their audit logs for unexpected privilege changes or anomalous backend activity.

The technical breakdown of the flaws includes:

  • CVE-2026-4670: A primary weakness causing an authentication bypass, allowing unauthenticated external users to access the system without valid credentials.
  • CVE-2026-5174: An improper input validation vulnerability that results in privilege escalation, letting attackers elevate their standard access to administrative rights.

These security flaws impact several generations of the MOVEit Automation software.

Progress Software urges system administrators to verify their current installation by opening the Web Admin dashboard and checking the “About” section under the “Help” menu.

The vulnerabilities exist in the following software builds:

  • MOVEit Automation 2025.1.4 and all earlier versions.
  • MOVEit Automation 2025.0.8 and all earlier versions.
  • MOVEit Automation 2024.1.7 and all prior versions.

Progress Software has addressed both vulnerabilities in its newest software releases.

Applying these official updates using the full installer is the only recognized method to close the security gaps.

IT teams should plan for a brief system outage while the installation process completes.

Administrators must update their systems to the following secure versions:

  • Upgrade to MOVEit Automation 2025.1.5 to secure the 2025.1 track.
  • Upgrade to MOVEit Automation 2025.0.9 to secure the 2025.0 track.
  • Upgrade to MOVEit Automation 2024.1.8 to secure the 2024.1 track.

Customers with an active maintenance agreement can access the necessary upgrade files directly through the Progress Community portal.

Organizations currently running older, unsupported versions must transition to a modern, supported lifecycle release to ensure their file transfer environments remain secure against these critical threats.
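The version check above can be run across an inventory rather than one dashboard at a time. The following is an added example, not code from Progress Software or the original article: it compares version strings, as read from the "About" section, against the fixed builds listed above. The host names and inventory values are constructed, and treating any track older than 2024.1 as needing migration is an assumption drawn from the article's last paragraph.

```python
import re

# Fixed build per release track, taken from the upgrade list in the article.
FIXED = {
    (2025, 1): (2025, 1, 5),
    (2025, 0): (2025, 0, 9),
    (2024, 1): (2024, 1, 8),
}
OLDEST_LISTED_TRACK = min(FIXED)

def parse_version(text):
    """Extract (year, minor, patch) from e.g. 'MOVEit Automation 2025.1.4'."""
    m = re.search(r"(\d{4})\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(text):
    """Return (status, target); target is the fixed build to install, if known."""
    ver = parse_version(text)
    track = ver[:2]
    if track in FIXED:
        fixed = FIXED[track]
        # Integer tuples compare numerically, so 2025.1.10 sorts after 2025.1.5
        # (a plain string comparison would get this wrong).
        if ver < fixed:
            return "vulnerable", ".".join(map(str, fixed))
        return "patched", None
    if track < OLDEST_LISTED_TRACK:
        # Assumption: tracks older than any listed one have no fixed build here
        # and must move to a supported release, as the article states.
        return "older_track", None
    # Track not covered by the article: check the vendor bulletin directly.
    return "not_listed", None

def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "mft-01": "MOVEit Automation 2025.1.4",
    "mft-02": "2025.0.9",
    "mft-03": "2023.1.2",
}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```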
