Critical severity9.8NVD Advisory· Published Apr 30, 2026· Updated May 4, 2026
CVE-2026-4670
CVE-2026-4670
Description
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.
This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Affected products
2cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*range: <2024.1.8
- (no CPE)range: >=2025.0.0 <2025.0.9, >=2024.0.0 <2024.1.8, <2024.0.0
Patches
Vulnerability mechanics
References
1News mentions
7- 11th May – Threat Intelligence ReportCheck Point Research · May 11, 2026
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026
- Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scamsHelp Net Security · May 10, 2026
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesThe Hacker News · May 7, 2026
- Progress Patches Critical MOVEit Automation Bug Enabling Authentication BypassThe Hacker News · May 4, 2026
- Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)Help Net Security · May 4, 2026
- Progress warns of critical MOVEit Automation auth bypass flawBleepingComputer · May 4, 2026