MOVEit Automation CVE-2026-4670 authentication bypass and CVE-2026-5174 privilege escalation disclosed
Tags Security ยท Enterprise ยท Infrastructure
Progress Software disclosed two critical vulnerabilities in MOVEit Automation: CVE-2026-4670 (CVSS 9.8), an authentication bypass, and CVE-2026-5174 (CVSS 8.8), a privilege escalation flaw. The vulnerabilities affect versions before 2025.1.5, 2025.0.9, and 2024.1.8. Consultant Daniel Card identified over 1,400 internet-exposed MOVEit Automation instances via Shodan, with dozens linked to US municipal and state government agencies. The two vulnerabilities can be chained for full administrative control. Progress has not confirmed active exploitation, but MOVEit's history includes the devastating 2023 Clop ransomware campaign against MOVEit Transfer that affected 2,100+ organizations and 62+ million individuals.
Technical significance
MOVEit Automation manages file transfer orchestration for enterprises, and an authentication bypass at this level gives attackers control over critical data flows. The 1,400+ internet-exposed instances and government agency presence creates a high-value target surface. Given MOVEit Transfer's history with Clop ransomware, threat actors are likely already scanning for these new vulnerabilities. The distinction between MOVEit Automation and MOVEit Transfer is important โ many organizations may not realize they're running the affected product.