cbcvebase.
CVE-2026-8487
published 2026-05-20

CVE-2026-8487: Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit…

PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.28%
19.7th percentile
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

Affected

4 ranges
VendorProductVersion rangeFixed in
progressmoveit_automation< 2025.0.112025.0.11
progressmoveit_automation>= 2025.1.0 < 2025.1.72025.1.7
progress_softwaremoveit_automation< 2025.0.112025.0.11
progress_softwaremoveit_automation>= 2025.1.0 < 2025.1.72025.1.7
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.