CVE-2026-8486
published 2026-05-20CVE-2026-8486: Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit…
PriorityP341high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.40%
31.3th percentile
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | moveit_automation | < 2025.0.11 | 2025.0.11 |
| progress | moveit_automation | >= 2025.1.0 < 2025.1.7 | 2025.1.7 |
| progress_software | moveit_automation | < 2025.0.11 | 2025.0.11 |
| progress_software | moveit_automation | >= 2025.1.0 < 2025.1.7 | 2025.1.7 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Progress MOVEit Automation up to 2025.0.10/2025.1.6 allocation of resources
vuldb·2026-05-20·CVSS 5.3
CVE-2026-8486 [MEDIUM] Progress MOVEit Automation up to 2025.0.10/2025.1.6 allocation of resources
A vulnerability was found in Progress MOVEit Automation up to 2025.0.10/2025.1.6. It has been rated as problematic. This affects an unknown function. The manipulation leads to allocation of resources.
This vulnerability is traded as CVE-2026-8486. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-3rgf-7jf4-5qfc: Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding
ghsa_unreviewed·2026-05-20
CVE-2026-8486 [MEDIUM] CWE-770 GHSA-3rgf-7jf4-5qfc: Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-20
Published