CRITICAL🇵🇱 Wersja polska

CVE-2026-4670

CVSS 9.8v3.1pub. 2026-04-30upd. 2026-05-04

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

🤖 AI Analysis
How it works

The vulnerability, classified as CWE-305 (Authentication Bypass by Primary Weakness), allows an attacker to bypass the application's primary authentication mechanism without possessing any credentials. The attack is executed remotely over the network (AV:N), requires no privileges (PR:N) or user interaction (UI:N), and has low attack complexity (AC:L). The detailed technical mechanism has not been disclosed in the vendor's public bulletin.

Impact

Successful exploitation of this vulnerability may allow an attacker to gain complete control over the MOVEit Automation system, including unauthorized access to sensitive data, modification or deletion of data, and disruption of service availability (complete breach of confidentiality, integrity, and availability).

Mitigation & patch

MOVEit Automation must be updated immediately to version 2025.0.9 or later (for the 2025.x branch) or to version 2024.1.8 or later (for the 2024.x branch). Detailed update instructions are available in the vendor's official security bulletin at: https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174

Who is affected

Progress Software MOVEit Automation in versions: 2025.0.0 before 2025.0.9, 2024.0.0 before 2024.1.8, and all versions earlier than 2024.0.0.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Progress Moveit Automation

    APP
    Progress
    < 2024.1.82025.0.0 – 2025.1.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-5174HIGH7.7ten sam produkt

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. T...

CVE-2026-8485MEDIUM5.9ten sam produkt

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocatio...

CVE-2026-8487MEDIUM6.5ten sam produkt

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Se...

CVE-2026-8488MEDIUM4.3ten sam produkt

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allo...

CVE-2026-8486MEDIUM5.3ten sam produkt

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allo...