Full Report
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. The
Analysis Summary
# Vulnerability: MOVEit Automation Authentication Bypass and Privilege Escalation
## CVE Details
- **CVE ID:** CVE-2026-4670, CVE-2026-5174
- **CVSS Score:**
- **CVE-2026-4670:** 9.8 (Critical)
- **CVE-2026-5174:** 7.7 (High)
- **CWE:**
- **CVE-2026-4670:** Authentication Bypass
- **CVE-2026-5174:** Improper Input Validation (leading to Privilege Escalation)
## Affected Systems
- **Products:** MOVEit Automation (managed file transfer solution)
- **Versions:**
- Versions ≤ 2025.1.4
- Versions ≤ 2025.0.8
- Versions ≤ 2024.1.7
- **Configurations:** Systems utilizing service backend command port interfaces.
## Vulnerability Description
Progress Software has addressed two flaws in the MOVEit Automation backend.
- **CVE-2026-4670** allows an attacker to bypass authentication mechanisms via the service backend command port interfaces.
- **CVE-2026-5174** is an improper input validation flaw within the same interfaces that can be leveraged to escalate privileges.
Combined, these flaws allow unauthorized actors to gain administrative control over the MFT environment and expose sensitive data handled by the automation workflows.
## Exploitation
- **Status:** Not currently reported as exploited in the wild; No public PoC mentioned.
- **Complexity:** Low (implied by CVSS 9.8 for the primary flaw).
- **Attack Vector:** Network (exploitable via command port interfaces).
## Impact
- **Confidentiality:** High (Full data exposure).
- **Integrity:** High (Unauthorized administrative control/modification of workflows).
- **Availability:** High (Potential for service disruption).
## Remediation
### Patches
Progress Software recommends immediate upgrading to the following fixed versions:
- **MOVEit Automation 2025.1.5**
- **MOVEit Automation 2025.0.9**
- **MOVEit Automation 2024.1.8**
### Workarounds
- **None:** Progress Software states there are no workarounds that effectively resolve these issues. Patching is the only definitive mitigation.
## Detection
- **Indicators of Compromise:** Monitor for unusual traffic or unauthorized connections to the service backend command port interfaces.
- **Detection Methods:** Review administrative logs for unexpected privilege changes or task modifications. Security teams should audit access to the MFT backend to ensure only authorized service accounts are communicating with the command ports.
## References
- **Vendor Advisory:** hxxps://community[.]progress[.]com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
- **Researcher Credit:** hxxps://airbus-seclab[.]github[.]io/#2026
- **NVD Entries:**
- hxxps://nvd[.]nist[.]gov/vuln/detail/CVE-2026-4670
- hxxps://nvd[.]nist[.]gov/vuln/detail/CVE-2026-5174