Progress warns of critical MOVEit Automation auth bypass flaw
Publish Date: 2026-05-04 08:18:57
Source Domain: www.bleepingcomputer.com
Progress Software is urging customers to patch a critical authentication bypass vulnerability in its MOVEit Automation managed file transfer (MFT) application. Tracked as CVE-2026-4670, the vulnerability impacts previous versions of MOVEit Automation and can be exploited by remote threat actors without user interaction or privileges on the targeted systems. The company has released security updates and recommends upgrading to the latest version, although the upgrade will cause a temporary system outage. The updates also address a high-severity privilege escalation vulnerability, CVE-2026-5174. Over 1,400 instances of MOVEit Automation are exposed online, including some linked to U.S. government agencies, and there is no information on how many have been secured against the latest threat. There are no current reports of this specific flaw being exploited, but MFT systems have historically been targeted by ransomware gangs, which have also recently attacked other software platforms.
Key Points:
– Progress is urging users to patch a critical authentication bypass vulnerability in MOVEit Automation.
– The security flaw affects earlier versions of MOVEit Automation.
– There is no information on how many exposed systems are vulnerable to exploitation.
– The company has issued security updates addressing additional high-severity vulnerabilities.
– Past exploitation of similar MFT vulnerabilities by ransomware gangs underscores industry risks.