Progress Software disclosed and patched two vulnerabilities in MOVEit Automation, including CVE-2026-4670, a critical authentication-bypass flaw, and CVE-2026-5174, a high-severity privilege-escalation issue. The company warned that successful exploitation could let attackers access business data, gain administrative control, and expose sensitive information in the managed file transfer platform. Progress said customers must upgrade to the latest version using the full installer and shut down the software during the upgrade process to fully remediate the flaws.
External exposure appears significant. Internet scanning cited by Cybersecurity Dive found more than 1,440 internet-connected systems running vulnerable MOVEit Automation versions, including 16 associated with state and local government agencies, while Censys separately issued an advisory tracking CVE-2026-4670. The disclosure drew added attention because MOVEit products have previously been targeted in high-impact exploitation campaigns, increasing concern that exposed and unpatched systems could become immediate targets.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
Censys issued an advisory covering CVE-2026-4670, the MOVEit Automation authentication-bypass vulnerability. The advisory highlighted the flaw after Progress's disclosure and patch release.
Reporting on the MOVEit Automation flaws said Shodan data showed more than 1,440 internet-connected devices running vulnerable versions, including 16 associated with state and local government agencies. This quantified the potential exposure following disclosure of the bugs.
Progress Software disclosed and patched two MOVEit Automation vulnerabilities: critical authentication bypass CVE-2026-4670 and high-severity privilege escalation CVE-2026-5174. The company instructed customers to upgrade using the full installer and shut down the software during the update process.
Progress released a patch for a MOVEit Transfer resource-consumption vulnerability, according to later reporting. The reference does not provide additional technical details in the supplied content.
Progress disclosed and released a fix for CVE-2024-5806, an authentication-bypass vulnerability affecting MOVEit Transfer. The issue was documented by Tenable in coverage published on June 25, 2024.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
censys.com
Open sourcecybersecuritydive.com
Open sourcelinkedin.com
Open sourcetenable.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.