Summary
Progress Software patched a critical authentication bypass (CVE-2026-4670) and a high-severity privilege escalation flaw (CVE-2026-5174) in MOVEit Automation that could allow attackers to gain administrative control over managed file transfer systems.
Take Action:
If you use MOVEit Automation, immediately upgrade to version 2025.1.5, 2025.0.9, or 2024.1.8. There are no workarounds, so patching is the only fix. Plan for an outage during the upgrade, and make sure the management interface is isolated from the internet and accessible only from trusted networks.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)