CVE-2026-4670
published 2026-04-30


Priority: P2 70 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.63% (92.0th percentile)
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Affected

5 ranges

Vendor              Product            Version range                Fixed in
progress            moveit_automation  < 2024.1.8                   2024.1.8
progress            moveit_automation  >= 2025.0.0, < 2025.1.5      2025.1.5
progress_software   moveit_automation  < 2024.0.0                   2024.0.0
progress_software   moveit_automation  >= 2024.0.0, < 2024.1.8      2024.1.8
progress_software   moveit_automation  >= 2025.0.0, < 2025.0.9      2025.0.9
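The affected ranges above overlap (the two vendor spellings list the same product, and 2025.0.9 sits inside the ">= 2025.0.0, < 2025.1.5" row even though it is a patched release), so a naive "is my version inside any range?" check gives the wrong answer for the fixed builds. The following checker, an added example that is not part of the advisory page, encodes the five ranges as listed and lets the patched releases named on the page (2024.1.8, 2025.0.9, 2025.1.5) take precedence; the function and variable names are the example's own.

```python
"""Check a MOVEit Automation version against the CVE-2026-4670 affected ranges."""
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '2025.0.9' into (2025, 0, 9); pads to three parts so '2024.1' == '2024.1.0'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


class AffectedRange(NamedTuple):
    low: Optional[Version]  # inclusive lower bound; None means no lower bound
    high: Version           # exclusive upper bound


# The five rows of the advisory's "Affected" table, as listed there.
AFFECTED = [
    AffectedRange(None, parse_version("2024.1.8")),
    AffectedRange(parse_version("2025.0.0"), parse_version("2025.1.5")),
    AffectedRange(None, parse_version("2024.0.0")),
    AffectedRange(parse_version("2024.0.0"), parse_version("2024.1.8")),
    AffectedRange(parse_version("2025.0.0"), parse_version("2025.0.9")),
]

# Patched releases named on the page. These win over the overlapping rows:
# 2025.0.9 falls inside the '>= 2025.0.0, < 2025.1.5' row but is a fixed build.
FIXED = sorted(parse_version(v) for v in ("2024.1.8", "2025.0.9", "2025.1.5"))


def _in_range(v: Version, r: AffectedRange) -> bool:
    return (r.low is None or v >= r.low) and v < r.high


def is_affected(version: str) -> bool:
    """True if the version falls in an affected range and is not a listed fixed release."""
    v = parse_version(version)
    if v in FIXED:
        return False
    return any(_in_range(v, r) for r in AFFECTED)


def recommended_fix(version: str) -> Optional[str]:
    """Nearest patched release above the given version, or None when not affected."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    for fix in FIXED:  # FIXED is sorted ascending, so the first match is the nearest
        if fix > v:
            return ".".join(str(n) for n in fix)
    return None
```

Note that 2024.0.0 appears as "Fixed in" for the "< 2024.0.0" row yet is itself inside the ">= 2024.0.0, < 2024.1.8" row; the checker therefore treats it as affected and points at 2024.1.8 instead.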

Detection & IOCs (extracted from sources)

  • CVE-2026-4670 targets the service backend command port interfaces of MOVEit Automation; monitor for unauthenticated connections to these internal command ports as a detection signal.
  • Exploitation of CVE-2026-4670 requires no privileges and no user interaction in low-complexity attacks; alert on unexpected unauthenticated sessions or administrative actions in MOVEit Automation logs.
  • Over 1,400 MOVEit Automation instances are internet-exposed; prioritize monitoring and patching of internet-facing deployments, especially those linked to government agencies.
  • Upgrading to a patched release using the full installer is the only remediation; no workarounds exist, and the upgrade causes a system outage.
  • There are no workarounds available for CVE-2026-4670 or the companion CVE-2026-5174; patching to fixed versions (2025.1.5, 2025.0.9, or 2024.1.8) is mandatory.
  • CVE-2026-4670 affects MOVEit Automation from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and all versions prior to 2024.0.0.