Progress Software: MOVEit Authentication Bypass Vulnerability Sparks Security Concerns

Critical MOVEit Automation Vulnerabilities Expose Systems to Authentication Bypass and Privilege Escalation

Progress Software has issued an urgent security alert for its MOVEit Automation software, addressing two severe vulnerabilities that could allow attackers to bypass authentication and escalate privileges to gain administrative control. The flaws, disclosed on April 30, 2026, were identified by researchers at Airbus SecLab and pose significant risks, including data exposure and full network compromise.

The vulnerabilities are tracked as:

  • CVE-2026-4670 – An authentication bypass flaw in the service backend command port interface.
  • CVE-2026-5174 – A privilege escalation issue caused by improper input validation.

Exploitation of these weaknesses could enable attackers to take over systems, making immediate patching critical. Progress Software has released fixes for affected versions:

  • 2025.1.4 and earlier → Upgrade to 2025.1.5
  • 2025.0.8 and earlier → Upgrade to 2025.0.9
  • 2024.1.7 and earlier → Upgrade to 2024.1.8

Administrators can verify their current version via the MOVEit Automation Web Admin portal under the Help > About section. The only remediation is a full upgrade using the installer from Progress Software, which requires temporary system downtime.
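
A version triage for the fix table above, as an added example that is not from Progress Software or the source article. It assumes the version read from Help > About is a dotted year.minor.patch string like the ones the advisory lists; the hostnames and the sample inventory are constructed.

```python
import re

# Fixed patch level per release branch, taken from the advisory text above.
FIXED = {(2025, 1): 5, (2025, 0): 9, (2024, 1): 8}


def parse_version(text):
    """Return (year, minor, patch) from a string such as '2025.1.4'.

    Extra trailing components (for example a build number) are ignored.
    """
    m = re.match(r"^\s*(\d{4})\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(version_text):
    """Classify one installed version; returns (status, upgrade_target)."""
    try:
        year, minor, patch = parse_version(version_text)
    except ValueError:
        return ("unparsed", None)
    fixed_patch = FIXED.get((year, minor))
    if fixed_patch is None:
        # Branch not named in the advisory: never report it as safe,
        # send it for manual review against the vendor alert instead.
        return ("unlisted-branch", None)
    if patch < fixed_patch:
        return ("vulnerable", f"{year}.{minor}.{fixed_patch}")
    return ("patched", None)


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "mia-prod-01": "2025.1.4",
    "mia-prod-02": "2025.1.5",
    "mia-dr-01": "2025.0.8.311",
    "mia-legacy": "2023.1.2",
    "mia-lab": "not installed",
}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE).items():
        print(f"{host:12} {status:16} {'-> ' + target if target else ''}")
```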

Customers with active maintenance can download patches from the Progress Community portal, while those without current licensing must contact a Progress sales representative to secure their systems. Organizations are advised to monitor system audit logs for unusual activity or unauthorized privilege changes.

Source: https://gbhackers.com/moveit-authentication-bypass-vulnerability/

Progress Software cybersecurity rating report: https://www.rankiteo.com/company/progress-software

"id": "PRO1777883125",
"linkid": "progress-software",
"type": "Vulnerability",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Organizations using MOVEit '
                                              'Automation versions 2025.1.4 '
                                              'and earlier, 2025.0.8 and '
                                              'earlier, 2024.1.7 and earlier',
                        'industry': 'Software',
                        'name': 'Progress Software',
                        'type': 'Vendor'}],
 'attack_vector': 'Service backend command port interface',
 'customer_advisories': 'Verify current version via MOVEit Automation Web '
                        'Admin portal under Help > About. Full upgrade '
                        'required using the installer from Progress Software.',
 'date_detected': '2026-04-30',
 'date_publicly_disclosed': '2026-04-30',
 'description': 'Progress Software has issued an urgent security alert for its '
                'MOVEit Automation software, addressing two severe '
                'vulnerabilities that could allow attackers to bypass '
                'authentication and escalate privileges to gain administrative '
                'control. The flaws pose significant risks, including data '
                'exposure and full network compromise.',
 'impact': {'data_compromised': 'Data exposure',
            'downtime': 'Temporary system downtime required for patching',
            'operational_impact': 'Full network compromise possible',
            'systems_affected': 'MOVEit Automation software'},
 'post_incident_analysis': {'corrective_actions': 'Patching and monitoring for '
                                                  'unauthorized privilege '
                                                  'changes',
                            'root_causes': 'Improper input validation and '
                                           'authentication bypass flaws in '
                                           'MOVEit Automation software'},
 'recommendations': 'Immediately upgrade to patched versions (2025.1.5, '
                    '2025.0.9, 2024.1.8) and monitor system audit logs for '
                    'suspicious activity.',
 'references': [{'source': 'Progress Software Security Alert'},
                {'source': 'Airbus SecLab Research'}],
 'response': {'communication_strategy': 'Urgent security alert issued to '
                                        'customers',
              'containment_measures': 'Full upgrade to patched versions '
                                      '(2025.1.5, 2025.0.9, 2024.1.8)',
              'enhanced_monitoring': 'Monitor system audit logs for unusual '
                                     'activity or unauthorized privilege '
                                     'changes',
              'remediation_measures': 'Patching via installer from Progress '
                                      'Software'},
 'stakeholder_advisories': 'Customers with active maintenance can download '
                           'patches from the Progress Community portal. Those '
                           'without current licensing must contact a Progress '
                           'sales representative.',
 'title': 'Critical MOVEit Automation Vulnerabilities Expose Systems to '
          'Authentication Bypass and Privilege Escalation',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2026-4670', 'CVE-2026-5174']}