CVE-2026-5174
published 2026-04-30CVE-2026-5174: Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
3.24%
86.7th percentile
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | moveit_automation | < 2024.1.8 | 2024.1.8 |
| progress | moveit_automation | >= 2025.0.0 < 2025.1.5 | 2025.1.5 |
| progress_software | moveit_automation | < 2024.0.0 | 2024.0.0 |
| progress_software | moveit_automation | >= 2024.0.0 < 2024.1.8 | 2024.1.8 |
| progress_software | moveit_automation | >= 2025.0.0 < 2025.0.9 | 2025.0.9 |
| progress_software | moveit_automation | >= 2025.1.0 < 2025.1.5 | 2025.1.5 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2026-5174 is an improper input validation vulnerability enabling privilege escalation via the service backend command port interfaces of MOVEit Automation ↗
- →CVE-2026-5174 affects MOVEit Automation versions up to and including 2025.1.4, 2025.0.8, 2024.1.7, and all versions prior to 2024.0.0; detect unpatched instances by version fingerprinting ↗
- ·No workarounds exist; upgrading to a patched release using the full installer is the only remediation method, and the upgrade causes a system outage ↗
- ·No exploitation in the wild has been confirmed at time of reporting, but the vulnerability class and product history (Cl0p ransomware exploitation of MOVEit Transfer in 2023) make it a high-priority target ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9pjg-ppfq-29g7: Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation
ghsa_unreviewed·2026-04-30
CVE-2026-5174 [HIGH] CWE-20 GHSA-9pjg-ppfq-29g7: Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
VulDB
Progress MOVEit Automation up to 2024.1.7/2025.0.8/2025.1.4 input validation
vuldb·2026-04-30·CVSS 7.7
CVE-2026-5174 [HIGH] Progress MOVEit Automation up to 2024.1.7/2025.0.8/2025.1.4 input validation
A vulnerability labeled as problematic has been found in Progress MOVEit Automation up to 2024.1.7/2025.0.8/2025.1.4. Affected by this issue is some unknown functionality. Executing a manipulation can lead to improper input validation.
This vulnerability appears as CVE-2026-5174. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.
No detection rules found.
No public exploits indexed.
Checkpoint
11th May – Threat Intelligence Report
blogs_checkpoint·2026-05-11
CVE-2026-4670 11th May – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 11th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Instructure, the US education technology company behind the Canvas learning platform, has confirmed a major data breach affecting its cloud-hosted environment. Exposed data reportedly includes student and staff records and private messages, while ShinyHunters escalated the attack by defacing hundreds of school login portals with r
Hackernews
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
blogs_hackernews·2026-05-11·CVSS 9.3
CVE-2026-6973 [CRITICAL] ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday.
Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped over root access by accident and decided to stay there.
The weird part is how normal this all sounds now. Fake updates. Quiet backdoors. Remote tools are used like skeleton keys. Forum rats swapping st
Hackernews
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
blogs_hackernews·2026-05-04·CVSS 9.8
CVE-2026-4670 [CRITICAL] Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.
MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts.
The vulnerabilities in question are CVE-2026-4670 (CVSS score: 9.8), an authentication bypass vulnerability, and CVE-2026-5174 (CVSS score: 7.7), an improper input valida
Bleepingcomputer
Progress warns of critical MOVEit Automation auth bypass flaw
blogs_bleepingcomputer·2026-05-04·CVSS 9.8
CVE-2026-4670 [CRITICAL] Progress warns of critical MOVEit Automation auth bypass flaw
## Progress warns of critical MOVEit Automation auth bypass flaw
## Sergiu Gatlan
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application.
MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a central automation orchestrator to schedule and manage file transfers between different systems, including local servers, cloud storage, and external partners.
Tracked as CVE-2026-4670 , the security flaw affects MOVEit Automation versions before 2025.1.5, 2025.0.9, and 2024.1.8. Remote threat actors can exploit it without privileges on the targeted systems in low-complexity attacks that don't require user interaction.
"We have addre
2026-04-30
Published