Critical MOVEit Vulnerabilities Let Attackers Bypass Authentication
Key Takeaways Progress Software has disclosed critical vulnerabilities in its MOVEit Automation platform, including an authentication bypass. These flaws, identified as CVE-2026-4670 and...
Key Takeaways
- Progress Software has disclosed critical vulnerabilities in its MOVEit Automation platform, including an authentication bypass.
- These flaws, identified as CVE-2026-4670 and CVE-2026-5174, allow unauthenticated attackers to gain administrative control and access sensitive data.
- All versions of MOVEit Automation 2025.1.4 and earlier, 2025.0.8 and earlier, and 2024.1.7 and earlier are affected.
- Immediate patching to specific secure versions (2025.1.5, 2025.0.9, 2024.1.8) is required to mitigate the risk.
Progress Software has issued an urgent security bulletin regarding its MOVEit Automation platform, detailing critical vulnerabilities that could allow unauthorized individuals to bypass authentication mechanisms and gain full control over affected systems. This advisory, released in April 2026, necessitates immediate action from all organizations utilizing the secure file transfer solution.
Table Of Content
The disclosed flaws are severe, potentially enabling threat actors to circumvent security protocols and achieve complete system compromise. Given MOVEit Automation’s widespread use in managing and automating critical file transfers for enterprises, these vulnerabilities present a high-stakes target for cybercriminals.
Organizations must prioritize applying the latest security patches without delay to prevent potential data breaches and unauthorized access to sensitive information.
Critical Authentication Bypass and Privilege Escalation
The core of the recent alert involves two distinct vulnerabilities, collectively discovered and reported by a research team from Airbus SecLab, including Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau. These flaws can be exploited by malicious actors directly through the service backend command port interfaces.
Successful exploitation of these vulnerabilities allows attackers to bypass login screens entirely, exfiltrate sensitive files, and achieve full administrative control over the compromised server. Security teams are advised to proactively search their audit logs for any indicators of compromise, such as unexpected privilege changes or anomalous backend activity.
The technical details of the vulnerabilities are as follows:
- CVE-2026-4670: This critical weakness facilitates an authentication bypass, granting unauthenticated external users access to the system without requiring valid credentials.
- CVE-2026-5174: An improper input validation vulnerability that leads to privilege escalation, enabling attackers to elevate their standard access to administrative rights.
These security deficiencies affect multiple generations of the MOVEit Automation software. Progress Software recommends that system administrators verify their current installation by navigating to the “About” section under the “Help” menu within the Web Admin dashboard.
The following software builds are confirmed to be vulnerable:
- MOVEit Automation 2025.1.4 and all previous versions.
- MOVEit Automation 2025.0.8 and all previous versions.
- MOVEit Automation 2024.1.7 and all prior versions.
Progress Software has released patches to address both vulnerabilities in its latest software updates. The only recommended method to close these security gaps is to apply these official updates using the full installer.
IT teams should anticipate a brief system outage during the installation process. Administrators are required to update their systems to the following secure versions:
- For the 2025.1 track, upgrade to MOVEit Automation 2025.1.5.
- For the 2025.0 track, upgrade to MOVEit Automation 2025.0.9.
- For the 2024.1 track, upgrade to MOVEit Automation 2024.1.8.
Customers with an active maintenance agreement can access the necessary upgrade files directly via the Progress Community portal. Organizations operating on older, unsupported versions must migrate to a modern, supported lifecycle release to ensure their file transfer environments are protected against these significant threats.
What You Should Do
- Immediately identify if your organization is running any vulnerable versions of MOVEit Automation.
- Plan and execute an upgrade to the specified secure versions (2025.1.5, 2025.0.9, 2024.1.8) using the full installer.
- Monitor audit logs for any suspicious activity, unexpected privilege changes, or anomalous backend access.
- Ensure your maintenance agreement is active to facilitate access to critical updates and support.
- If running unsupported versions, prioritize migrating to a current, supported release of MOVEit Automation.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.