7.5

CVE-2026-8651

IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ProgressMoveit Transfer Version < 2025.0.7
ProgressMoveit Transfer Version >= 2025.1.1 < 2025.1.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.118
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security@progress.com 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://docs.progress.com/bundle/moveit-transfer-release-notes-2026/page/Fixed-Issues-in-2026.html
Release Notes