Progress patches critical vulnerabilities in MOVEit Automation
Briefly

"CVE-2026-4670 involves an authentication bypass via the service's backend command port interfaces. With a CVSS score of 9.8, it falls into the most severe category. An attacker without valid credentials can gain remote access to the system without requiring user interaction."
"The second vulnerability, CVE-2026-5174, is directly related to the first. An attacker who has gained access via the bypass can escalate their privileges to the administrator level due to insufficient input validation. The CVSS score for this vulnerability is 7.7."
"Progress makes it clear that no alternative mitigation is available. 'Upgrading to a patched release, using the full installer, is the only way to remediate this issue,' according to Progress."
Progress has addressed two serious vulnerabilities in MOVEit Automation, CVE-2026-4670 and CVE-2026-5174. CVE-2026-4670 allows authentication bypass with a CVSS score of 9.8, enabling remote access without valid credentials. CVE-2026-5174 permits privilege escalation to administrator level due to insufficient input validation, scoring 7.7. Both vulnerabilities can lead to unauthorized access and potential data exposure. Users must upgrade to secure versions 2025.1.5, 2025.0.9, or 2024.1.8, as no alternative mitigation is available. Service interruption will occur during installation.
Read at Techzine Global