7.2
CVE-2026-10698
- EPSS 0.44%
- Veröffentlicht 08.07.2026 14:16:25
- Zuletzt bearbeitet 10.07.2026 14:33:24
- Quelle security@progress.com
- CVE-Watchlists
- Unerledigt
Table scope bypass vulnerability in custom reports
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Progress ≫ Moveit Transfer Version <= 2024.1.8
Progress ≫ Moveit Transfer Version >= 2025.0.0 < 2025.0.8
Progress ≫ Moveit Transfer Version >= 2025.1.0 < 2025.1.4
Progress ≫ Moveit Transfer Version2026.0.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.355 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@progress.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-943 Improper Neutralization of Special Elements in Data Query Logic
The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Security-Bulletin-June-2026