High severity7.7NVD Advisory· Published Apr 30, 2026· Updated May 4, 2026
CVE-2026-5174
CVE-2026-5174
Description
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Affected products
1- cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*Range: <2024.1.8
Patches
Vulnerability mechanics
References
1News mentions
6- 11th May – Threat Intelligence ReportCheck Point Research · May 11, 2026
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026
- Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scamsHelp Net Security · May 10, 2026
- Progress Patches Critical MOVEit Automation Bug Enabling Authentication BypassThe Hacker News · May 4, 2026
- Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)Help Net Security · May 4, 2026
- Progress warns of critical MOVEit Automation auth bypass flawBleepingComputer · May 4, 2026