9.8
CVE-2026-8801
- EPSS 0.31%
- Veröffentlicht 08.07.2026 20:17:01
- Zuletzt bearbeitet 09.07.2026 19:16:37
- Quelle security@progress.com
- CVE-Watchlists
- Unerledigt
File Extension Restriction Bypass in MOVEit Transfer
Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Progress ≫ Moveit Transfer Version < 2025.0.8
Progress ≫ Moveit Transfer Version >= 2025.1.0 < 2025.1.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.23 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@progress.com | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
CWE-46 Path Equivalence: 'filename ' (Trailing Space)
The product accepts path input in the form of trailing space ('filedir ') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
https://docs.progress.com/bundle/moveit-transfer-release-notes-2026/page/Fixed-Issues-in-2026.html