cbcvebase.
CVE-2026-5174
published 2026-04-30


Priority: P2, 62, high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 3.24% (86.7th percentile)

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Affected (6 ranges)

Vendor            | Product           | Version range          | Fixed in
progress          | moveit_automation | < 2024.1.8             | 2024.1.8
progress          | moveit_automation | >= 2025.0.0 < 2025.1.5 | 2025.1.5
progress_software | moveit_automation | < 2024.0.0             | 2024.0.0
progress_software | moveit_automation | >= 2024.0.0 < 2024.1.8 | 2024.1.8
progress_software | moveit_automation | >= 2025.0.0 < 2025.0.9 | 2025.0.9
progress_software | moveit_automation | >= 2025.1.0 < 2025.1.5 | 2025.1.5

Detection & IOCs (extracted from sources)

  • CVE-2026-5174 is an improper input validation vulnerability enabling privilege escalation via the service backend command port interfaces of MOVEit Automation
  • CVE-2026-5174 affects MOVEit Automation versions up to and including 2025.1.4, 2025.0.8, 2024.1.7, and all versions prior to 2024.0.0; detect unpatched instances by version fingerprinting
  • No workarounds exist; upgrading to a patched release using the full installer is the only remediation method, and the upgrade causes a system outage
  • No exploitation in the wild has been confirmed at time of reporting, but the vulnerability class and product history (Cl0p ransomware exploitation of MOVEit Transfer in 2023) make it a high-priority target