About:
CVE-2026-4670 is a critical authentication bypass vulnerability in Progress MOVEit Automation caused by improper enforcement of authentication mechanisms.
An unauthenticated attacker can exploit this vulnerability over the network by sending crafted requests to the affected system. Successful exploitation may allow unauthorized access to the application without valid credentials, potentially exposing file transfer workflows and sensitive data.
RedLegg occasionally communicates vulnerabilities disclosed outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Authentication Bypass Vulnerability in Progress MOVEit Automation
Identifier: CVE-2026-4670
CVSS Score: 9.8 (Critical, CVSS v3.1)
PoC or Exploitation:
There are no confirmed reports of active exploitation in the wild and no validated public proof-of-concept exploit code.
Update/Patch:
Progress Software has released fixes for this vulnerability.
Affected versions include:
- MOVEit Automation versions prior to 2024.0.0
- MOVEit Automation 2024.x versions before 2024.1.8
- MOVEit Automation 2025.0.x versions before 2025.0.9
- MOVEit Automation 2025.1.4 (17.1.4) and earlier
Fixed versions include:
- MOVEit Automation 2024.1.8
- MOVEit Automation 2025.0.9
- MOVEit Automation 2025.1.5 (17.1.5)
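The affected and fixed ranges above span three release branches with different fixed builds, which makes a manual inventory check error-prone. The following script is an added example for triaging an asset list against those ranges; it is not part of the RedLegg bulletin and is not Progress Software's tooling. It assumes version strings of the form year.minor.patch, optionally followed by a parenthetical build alias such as "(17.1.4)" as printed in the bulletin, and the inventory it runs on is constructed sample data. Branches the bulletin does not name (for example a hypothetical 2025.2.x) are reported as "unlisted" rather than guessed at.

```python
import re
from typing import Dict, Iterable, Tuple

# Fixed builds transcribed from the bulletin for CVE-2026-4670, as (major, minor, patch).
FIXED_2024 = (2024, 1, 8)     # 2024.x versions before 2024.1.8 are affected
FIXED_2025_0 = (2025, 0, 9)   # 2025.0.x versions before 2025.0.9 are affected
FIXED_2025_1 = (2025, 1, 5)   # 2025.1.4 (17.1.4) and earlier are affected

# Matches "2025.1.4" and ignores any trailing alias such as " (17.1.4)".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a MOVEit Automation version string into a comparable tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised MOVEit Automation version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def assess(version_text: str) -> str:
    """Return 'affected', 'fixed' or 'unlisted' for one installed version.

    The ranges come from the bulletin; anything outside the branches it names is
    returned as 'unlisted' so the operator checks the vendor advisory instead.
    """
    v = parse_version(version_text)
    major, minor, _patch = v
    if major < 2024:
        return "affected"  # "versions prior to 2024.0.0"
    if major == 2024:
        return "affected" if v < FIXED_2024 else "fixed"
    if major == 2025 and minor == 0:
        return "affected" if v < FIXED_2025_0 else "fixed"
    if major == 2025 and minor == 1:
        return "affected" if v < FIXED_2025_1 else "fixed"
    return "unlisted"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (host, version) pair in an inventory to its assessment."""
    return {host: assess(version) for host, version in inventory}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("mft-prod-01", "2025.1.4 (17.1.4)"),
    ("mft-prod-02", "2025.0.9"),
    ("mft-legacy", "2023.1.2"),
    ("mft-dev", "2024.1.7"),
]

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {result}")
```

Feed the script the output of whatever inventory source records the installed MOVEit Automation build per host; any host reported as "affected" belongs on the emergency patch list, and "unlisted" results should be resolved against the Progress advisory before being treated as safe.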
Progress advisory and patch guidance:
Description:
CVE-2026-4670 is an authentication bypass vulnerability in Progress MOVEit Automation caused by improper enforcement of authentication mechanisms.
An attacker can exploit this vulnerability over a network without authentication by sending crafted requests to the affected system. Successful exploitation may allow unauthorized access to the application without valid credentials.
Mitigation Recommendation:
Immediately upgrade MOVEit Automation to the fixed versions provided by Progress Software.
Prioritize patching internet-facing and externally accessible MOVEit Automation deployments.
Restrict access to MOVEit Automation interfaces to trusted networks where possible.
Monitor logs for suspicious authentication activity, unauthorized access attempts, or abnormal system behavior.