CVE-2026-4670

Media report

EPSS 0.23%
Published 30.04.2026 15:06:11
Last modified 04.05.2026 18:20:39
Source security@progress.com
CVE watchlists
Login
Open
Login

Improper Authentication vulnerability in Progress MOVEit Automation

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.

This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

NVD 2 VulnDex Vulnerability Enrichment 1

Data is provided by the National Vulnerability Database (NVD)

Progress ≫ Moveit Automation Version < 2024.1.8

Progress ≫ Moveit Automation Version >= 2025.0.0 < 2025.1.5

VulnDex Vulnerability Enrichment

This information is available to logged-in users.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metrics
Type	Source	Score	percentile
EPSS	FIRST.org	0.23%	0.45

CVSS Metrics
Source	Base Score	Exploit Score	Impact Score	Vector string
security@progress.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html

Media Report

https://thehackernews.com/2026/05/threatsday-bulletin-edge-plaintext.html

Media Report

https://www.heise.de/news/Sicherheitsupdate-Unbefugte-Zugriffe-auf-MOVEit-Automation-moeglich-11281796.html

Media Report

https://thehackernews.com/2026/05/progress-patches-critical-moveit.html

Media Report

https://www.bleepingcomputer.com/news/security/moveit-automation-customers-warned-to-patch-critical-auth-bypass-flaw/

Media Report

https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174

Vendor Advisory