
"Critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces. Exploitation may lead to unauthorized access, administrative control, and data exposure."
"There are no workarounds that resolve the issues. While Progress makes no mention of the flaws being exploited in the wild, it's essential that users apply the fixes as soon as possible for optimal protection."
Progress Software has addressed two significant security vulnerabilities in MOVEit Automation: CVE-2026-4670, an authentication bypass with a CVSS score of 9.8, and CVE-2026-5174, an improper input validation flaw with a CVSS score of 7.7. These vulnerabilities could lead to unauthorized access and privilege escalation. Affected versions include MOVEit Automation up to 2025.1.4, 2025.0.8, and 2024.1.7, with fixes available in newer versions. Users are urged to apply these updates promptly to protect against potential exploitation.
#moveit-automation #security-vulnerabilities #authentication-bypass #privilege-escalation #software-updates
Read at The Hacker News