Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
#Vulnerabilities

Security Reporter
3 min read

Progress Software has addressed critical vulnerabilities in its MOVEit Automation platform, including an authentication bypass flaw that could allow attackers to gain full control of enterprise file transfer systems.

Progress Software has released critical security updates to address vulnerabilities in its MOVEit Automation platform, including a flaw that could enable attackers to bypass authentication mechanisms and gain unauthorized access to enterprise file transfer systems.

The most severe issue, CVE-2026-4670, carries a CVSS score of 9.8 and represents a critical authentication bypass vulnerability in the MOVEit Automation service. The second flaw, CVE-2026-5174, has a CVSS score of 7.7 and could allow attackers to escalate privileges within the system.

"These critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces," Progress Software stated in its security advisory. "Exploitation may lead to unauthorized access, administrative control, and data exposure."

MOVEit Automation, formerly known as Central, is a server-based managed file transfer solution designed to schedule and automate file movement workflows in enterprise environments without requiring custom scripts. The platform is widely used by organizations for secure data transfers, making these vulnerabilities particularly concerning for businesses handling sensitive information.

The affected versions include:

  • MOVEit Automation ≤ 2025.1.4 (Fixed in MOVEit Automation 2025.1.5)
  • MOVEit Automation ≤ 2025.0.8 (Fixed in MOVEit Automation 2025.0.9)
  • MOVEit Automation ≤ 2024.1.7 (Fixed in MOVEit Automation 2024.1.8)

According to Progress Software, there are no available workarounds for these vulnerabilities, which means organizations must apply the patches as soon as possible to protect their systems.

The vulnerabilities were discovered and reported by researchers from Airbus SecLab, including Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau. Their responsible disclosure allowed Progress Software to develop and release patches before potential exploits could emerge.

While Progress Software has not indicated that these specific vulnerabilities have been exploited in the wild, the timing of these patches comes amid heightened concerns about file transfer security. Previous vulnerabilities in MOVEit Transfer have been actively exploited by ransomware groups like Cl0p, which has targeted numerous organizations through similar flaws.

Security experts emphasize that organizations using MOVEit Automation should prioritize applying these updates, especially given the potential for authentication bypass attacks. Such attacks could allow attackers to move laterally within networks and access sensitive data without triggering standard security controls.

For organizations unable to patch their systems immediately, security professionals recommend implementing additional monitoring for unusual authentication attempts and restricting access to the MOVEit Automation backend interfaces where possible.

The discovery underscores the importance of regular vulnerability management for enterprise file transfer systems, which often handle sensitive data and serve as critical infrastructure components in many organizations.

Organizations should review their MOVEit Automation deployments to confirm they are running patched versions and assess whether any unusual activity has occurred on their systems prior to the patch release.
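The affected-version list above and the review step just described are easy to get wrong by hand when several MOVEit Automation branches are in use, because each branch (2025.1, 2025.0, 2024.1) has its own fix release. The following Python helper is an added example, not code from Progress Software or from the article; it encodes the three branches exactly as the advisory lists them and classifies a deployment inventory against them. The host names and versions in `SAMPLE_INVENTORY` are constructed for illustration, and the "unlisted" status is an assumption of this example for branches the advisory does not mention (those should be checked against the official advisory rather than assumed safe).

```python
"""Classify MOVEit Automation deployments against the advisory's affected versions.

Added example; not Progress Software's code. Version data is taken from the
advisory text: each branch lists its highest affected build and the first
fixed build.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# branch prefix -> (highest affected version, first fixed version), per the advisory
ADVISORY_BRANCHES: Dict[Tuple[int, int], Tuple[Version, Version]] = {
    (2025, 1): ((2025, 1, 4), (2025, 1, 5)),
    (2025, 0): ((2025, 0, 8), (2025, 0, 9)),
    (2024, 1): ((2024, 1, 7), (2024, 1, 8)),
}


def parse_version(text: str) -> Version:
    """Turn '2025.1.4' into (2025, 1, 4); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text: str) -> Dict[str, Optional[str]]:
    """Return status 'affected', 'patched' or 'unlisted' and the fix release, if any.

    A version that omits the build number (e.g. '2025.1') sorts below every
    build of that branch, so it is conservatively treated as affected.
    """
    version = parse_version(version_text)
    entry = ADVISORY_BRANCHES.get(version[:2])
    if entry is None:
        # Branch not named in the advisory (assumption: flag it for manual review).
        return {"version": version_text, "status": "unlisted", "fix": None}
    last_affected, first_fixed = entry
    if version <= last_affected:
        return {
            "version": version_text,
            "status": "affected",
            "fix": ".".join(str(n) for n in first_fixed),
        }
    return {"version": version_text, "status": "patched", "fix": None}


def hosts_needing_patch(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (host, required fix release) for every affected entry in the inventory."""
    needing = []
    for host, version_text in inventory:
        result = assess(version_text)
        if result["status"] == "affected":
            needing.append((host, result["fix"]))
    return needing


# Constructed sample inventory (host name, installed MOVEit Automation version).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("mft-auto-01", "2025.1.4"),  # last affected build of the 2025.1 branch
    ("mft-auto-02", "2025.0.9"),  # already on the fixed build
    ("mft-auto-03", "2024.1.3"),  # older 2024.1 build, still affected
    ("mft-auto-04", "2025.1.5"),  # fixed
]

if __name__ == "__main__":
    for host, fix in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to {fix}")
```

Feeding the script a real inventory export (host, version pairs from configuration management or the MOVEit Automation console) gives a per-host patch target rather than a manual comparison against three separate branch lines; anything reported as "unlisted" should be checked against the official advisory before being treated as out of scope.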

For more information about the vulnerabilities and patches, organizations can refer to Progress Software's official advisory page, which contains detailed information about the vulnerabilities and the affected components.

The security community continues to emphasize that file transfer platforms remain high-value targets for attackers, making prompt patching and security assessments essential for organizations using these systems.
