7.5
CVE-2026-8651
- EPSS 0.22%
- Veröffentlicht 08.07.2026 20:17:00
- Zuletzt bearbeitet 09.07.2026 19:18:09
- Quelle security@progress.com
- CVE-Watchlists
- Unerledigt
IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Progress ≫ Moveit Transfer Version < 2025.0.7
Progress ≫ Moveit Transfer Version >= 2025.1.1 < 2025.1.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| security@progress.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
https://docs.progress.com/bundle/moveit-transfer-release-notes-2026/page/Fixed-Issues-in-2026.html