Progress Software has released an urgent security alert for its MOVEit Automation platform, highlighting critical vulnerabilities that demand immediate attention from users. The alert, issued in April 2026, identifies two severe security holes that could enable attackers to bypass authentication and gain full control over the system.
Understanding the MOVEit Vulnerabilities
The MOVEit Automation platform is widely used by enterprises for secure file transfers, which makes it an attractive target for attackers. Left unpatched, the newly discovered flaws could compromise the security of sensitive data. Organizations using this software are strongly advised to apply the latest updates without delay to reduce the risk of unauthorized access and data breaches.
Details of the Authentication Bypass Flaw
The alert centers on two vulnerabilities uncovered by Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau. These flaws can be exploited through the service backend command port interfaces, allowing threat actors to bypass login mechanisms, access sensitive files, and assume administrative control of the server.
Security personnel should scrutinize audit logs for any unexpected changes in privileges or unusual backend activity. The specific vulnerabilities are:
- CVE-2026-4670: This flaw facilitates an authentication bypass, enabling unauthorized external users to access the system without valid credentials.
- CVE-2026-5174: This issue involves improper input validation, leading to privilege escalation that allows attackers to elevate standard access to administrative levels.
Recommended Actions and Updates
These vulnerabilities affect multiple versions of the MOVEit Automation software. Progress Software strongly advises administrators to review their current installations by accessing the Web Admin dashboard and checking the “About” section under the “Help” menu.
The affected software builds include:
- MOVEit Automation 2025.1.4 and earlier versions
- MOVEit Automation 2025.0.8 and earlier versions
- MOVEit Automation 2024.1.7 and prior versions
To address these issues, Progress Software has released new secure versions. Administrators are urged to upgrade using the official updates provided:
- Upgrade to MOVEit Automation 2025.1.5 for the 2025.1 track
- Upgrade to MOVEit Automation 2025.0.9 for the 2025.0 track
- Upgrade to MOVEit Automation 2024.1.8 for the 2024.1 track
These updates can be downloaded by customers with an active maintenance agreement via the Progress Community portal. It’s crucial for organizations using unsupported software versions to transition to supported releases to maintain the security of their file transfer systems against these critical vulnerabilities.
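To triage more than a handful of installations against the version lists above, the comparison can be scripted. The following Python script is an added example, not code from Progress Software; it assumes the version recorded from the "About" page contains a `YYYY.N.P` string, and the host names in the sample inventory are constructed.

```python
import re

# Fixed build per release track, as listed in the advisory above.
FIXED_PATCH = {(2025, 1): 5, (2025, 0): 9, (2024, 1): 8}
OLDEST_FIXED_TRACK = min(FIXED_PATCH)

def parse_version(text):
    """Extract (year, minor, patch) from text such as 'MOVEit Automation 2025.1.4'."""
    m = re.search(r"(?<!\d)(\d{4})\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no YYYY.N.P version in {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version_text):
    """Return (status, upgrade_target) for one installed version string."""
    year, minor, patch = parse_version(version_text)
    track = (year, minor)
    if track in FIXED_PATCH:
        fixed = FIXED_PATCH[track]
        if patch >= fixed:
            return ("patched", None)
        return ("vulnerable", f"{year}.{minor}.{fixed}")
    if track < OLDEST_FIXED_TRACK:
        # Assumption: tracks older than 2024.1 fall under "and prior versions"
        # and have no fixed build listed, so they need a move to a supported track.
        return ("unsupported", None)
    # Track newer than anything the advisory names: not covered by this list.
    return ("unlisted", None)

def triage_inventory(inventory):
    """Return (host, status, target) tuples, most urgent findings first."""
    order = {"vulnerable": 0, "unsupported": 1, "unlisted": 2, "patched": 3}
    results = [(host, *triage(ver)) for host, ver in inventory.items()]
    return sorted(results, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "mft-prod-01": "2025.1.4",
    "mft-prod-02": "MOVEit Automation 2025.0.9",
    "mft-dr-01": "2024.1.7",
    "mft-legacy": "2023.1.2",
}

if __name__ == "__main__":
    for host, status, target in triage_inventory(SAMPLE):
        print(f"{host:12} {status:12} {target or '-'}")
```

Hosts reported as `unsupported` have no in-track fix in the list above and need to move to a supported release, as the advisory states.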
