Progress Software disclosed two critical vulnerabilities in MOVEit Automation, including CVE-2026-4670, an improper authentication flaw that can allow authentication bypass over the network without user interaction. The issue is rated critical with CVSS AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating potential for high-impact compromise of confidentiality, integrity, and availability. Progress linked the flaw to CWE-305 and included it in a security bulletin covering both CVE-2026-4670 and CVE-2026-5174.
The advisories affect multiple MOVEit Automation release branches, including versions prior to 2025.0.9, 2024.1.8, and releases before 2024.0.0, with broader vendor and government guidance also referencing affected builds such as 2025.1.4 and earlier, 2025.0.8 and earlier, 2024.1.7 and earlier, and 2024.0.0 and earlier. The Canadian Centre for Cyber Security urged organizations to review the Progress bulletin and apply the required updates to mitigate exposure in internet-reachable file transfer automation environments.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Help Net Security reported that the MOVEit Automation vulnerabilities CVE-2026-4670 and CVE-2026-5174 were privately reported by Airbus researchers. The flaws could be chained to gain administrative control, but the report said there was no indication of in-the-wild exploitation.
The Canadian Centre for Cyber Security issued alert AV26-410 referencing Progress's advisories and urged users and administrators to review the vendor bulletin and apply the necessary updates for MOVEit Automation.
Progress published security advisories for critical MOVEit Automation vulnerabilities including CVE-2026-4670 and CVE-2026-5174, identifying affected version branches and fixed releases. The advisories covered versions such as 2025.0.0 before 2025.0.9, 2024.0.0 before 2024.1.8, and prior branches, and directed customers to update.
Progress Software received a report at security@progress.com about CVE-2026-4670, an improper authentication vulnerability in MOVEit Automation described as an authentication bypass issue.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
10 references tracked. Mallory keeps watching after this page renders.
scworld.com
Open sourcehipaajournal.com
Open sourcerunzero.com
Open sourcesecurityaffairs.com
Open sourcehelpnetsecurity.com
Open sourcebleepingcomputer.com
Open sourcecyber.gc.ca
Open sourcecvefeed.io
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.