CVE-2026-4670
Published 2026-04-30
CVE-2026-4670: Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit…
Priority: P2 70, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.63% (92.0th percentile)
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.
This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | moveit_automation | < 2024.1.8 | 2024.1.8 |
| progress | moveit_automation | >= 2025.0.0 < 2025.1.5 | 2025.1.5 |
| progress_software | moveit_automation | < 2024.0.0 | 2024.0.0 |
| progress_software | moveit_automation | >= 2024.0.0 < 2024.1.8 | 2024.1.8 |
| progress_software | moveit_automation | >= 2025.0.0 < 2025.0.9 | 2025.0.9 |
Detection & IOCs (extracted from sources)
- CVE-2026-4670 targets the service backend command port interfaces of MOVEit Automation; monitor for unauthenticated connections to these internal command ports as a detection signal.
- Exploitation of CVE-2026-4670 requires no privileges and no user interaction in low-complexity attacks; alert on unexpected unauthenticated sessions or administrative actions in MOVEit Automation logs.
- Over 1,400 MOVEit Automation instances are internet-exposed; prioritize monitoring and patching of internet-facing deployments, especially those linked to government agencies.
- Upgrading to a patched release using the full installer is the only remediation; no workarounds exist, and the upgrade causes a system outage.
- There are no workarounds available for CVE-2026-4670 or the companion CVE-2026-5174; patching to fixed versions (2025.1.5, 2025.0.9, or 2024.1.8) is mandatory.
- CVE-2026-4670 affects MOVEit Automation from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and all versions prior to 2024.0.0.
GHSA
GHSA-2cqj-hxr6-hc5p: Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass
ghsa_unreviewed·2026-04-30
CVE-2026-4670 [CRITICAL] CWE-305 GHSA-2cqj-hxr6-hc5p: Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass
VulDB
Progress MOVEit Automation up to 2024.1.7/2025.0.8 authentication bypass
vuldb·2026-04-30·CVSS 9.8
CVE-2026-4670 [CRITICAL] Progress MOVEit Automation up to 2024.1.7/2025.0.8 authentication bypass
A vulnerability identified as very critical has been detected in Progress MOVEit Automation up to 2024.1.7/2025.0.8. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in authentication bypass by primary weakness.
This vulnerability is reported as CVE-2026-4670. The attack can be carried out remotely. No exploit exists.
You should upgrade the affected component.
No detection rules found.
No public exploits indexed.
Checkpoint
11th May – Threat Intelligence Report
blogs_checkpoint·2026-05-11
CVE-2026-4670 11th May – Threat Intelligence Report
## 11th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Instructure, the US education technology company behind the Canvas learning platform, has confirmed a major data breach affecting its cloud-hosted environment. Exposed data reportedly includes student and staff records and private messages, while ShinyHunters escalated the attack by defacing hundreds of school login portals with r
Hackernews
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
blogs_hackernews·2026-05-11·CVSS 9.3
CVE-2026-6973 [CRITICAL] ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
## ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday.
Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped over root access by accident and decided to stay there.
The weird part is how normal this all sounds now. Fake updates. Quiet backdoors. Remote tools are used like skeleton keys. Forum rats swapping st
Hackernews
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
blogs_hackernews·2026-05-07
CVE-2026-7411 ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
## ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week.
Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram account and too much free time. The worst part is how often this stuff still works.
Meanwhile, AI tools are speeding up exploit hunting, browsers are keeping passwords sitting in memory for “performance re
Hackernews
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
blogs_hackernews·2026-05-04·CVSS 9.8
CVE-2026-4670 [CRITICAL] Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
## Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.
MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.
The vulnerabilities in question are CVE-2026-4670 (CVSS score: 9.8), an authentication bypass vulnerability, and CVE-2026-5174 (CVSS score: 7.7), an improper input valida
Bleepingcomputer
Progress warns of critical MOVEit Automation auth bypass flaw
blogs_bleepingcomputer·2026-05-04·CVSS 9.8
CVE-2026-4670 [CRITICAL] Progress warns of critical MOVEit Automation auth bypass flaw
## Progress warns of critical MOVEit Automation auth bypass flaw
By Sergiu Gatlan
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application.
MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a central automation orchestrator to schedule and manage file transfers between different systems, including local servers, cloud storage, and external partners.
Tracked as CVE-2026-4670, the security flaw affects MOVEit Automation versions before 2025.1.5, 2025.0.9, and 2024.1.8. Remote threat actors can exploit it without privileges on the targeted systems in low-complexity attacks that don't require user interaction.
"We have addre