{"id":799,"date":"2026-05-04T17:51:02","date_gmt":"2026-05-04T17:51:02","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=799"},"modified":"2026-05-04T17:51:02","modified_gmt":"2026-05-04T17:51:02","slug":"progress-patches-critical-moveit-automation-bug-enabling-authentication-bypass","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=799","title":{"rendered":"Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">May 04, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Enterprise Software<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgTvgdRkcdOwctclhM5XBvKXGGFrqpNsd7pJsR6Qk9QfhVd52KaiNWtY6kbWYbxzweFJDx5-sXo5UmIGJZ2yKbiSqntFDcYS7aDV_hUlAuNtcFzIPf_MDdqWq9eeyzZwJXx9__K5ynAXHc-7kJ6i66ifjuGrFqfLdn4-yDTvmL1oSZ-kVX2V9eoTq-xdiKa\/s1700-e365\/moveit.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.<\/p>\n<p>MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.\u00a0<\/p>\n<p>The vulnerabilities in question are <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-4670\">CVE-2026-4670<\/a> (CVSS score: 9.8), an authentication bypass vulnerability, and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-5174\">CVE-2026-5174<\/a> (CVSS score: 7.7), an improper input validation vulnerability that could allow privilege escalation.<\/p>\n<p>\u00abCritical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces,\u00bb Progress Software <a href=\"https:\/\/community.progress.com\/s\/article\/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174\">said<\/a> in an advisory. \u00abExploitation may lead to unauthorized access, administrative control, and data exposure.\u00bb<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-cant-stop-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ\/s728-e100\/ThreatLocker-d.png\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The shortcomings affect the following versions &#8211;<\/p>\n<ul>\n<li>MOVEit Automation &lt;= 2025.1.4 (Fixed in MOVEit Automation 2025.1.5)<\/li>\n<li>MOVEit Automation &lt;= 2025.0.8 (Fixed in MOVEit Automation 2025.0.9)<\/li>\n<li>MOVEit Automation &lt;= 2024.1.7 (Fixed in MOVEit Automation 2024.1.8)<\/li>\n<\/ul>\n<p>Airbus SecLab researchers Ana\u00efs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau have been <a href=\"https:\/\/airbus-seclab.github.io\/#2026\">credited<\/a> with discovering and reporting the two vulnerabilities. There are no workarounds that resolve the issues.<\/p>\n<p>While Progress makes no mention of the flaws being exploited in the wild, it&#8217;s essential that users apply the fixes as soon as possible for optimal protection, particularly given that prior flaws in MOVEit Transfer have been exploited by ransomware gangs like Cl0p.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802May 04, 2026Vulnerability \/ Enterprise Software Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication&hellip;<\/p>\n","protected":false},"author":1,"featured_media":800,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[396,496,610,394,58,524,1514,57,1513],"class_list":["post-799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-authentication","tag-automation","tag-bug","tag-bypass","tag-critical","tag-enabling","tag-moveit","tag-patches","tag-progress"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=799"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/799\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/800"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}