CVE-2026-8487
Description
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Incorrect default permissions in Progress MOVEit Automation allow retrieval of embedded sensitive data, affecting versions before 2025.0.11 and versions from 2025.1.0 before 2025.1.7.
Vulnerability Overview
CVE-2026-8487 describes an incorrect default permissions vulnerability in Progress Software MOVEit Automation. The flaw stems from overly permissive default access controls, which can be exploited to retrieve embedded sensitive data from the application. This issue affects MOVEit Automation versions prior to 2025.0.11 and versions from 2025.1.0 up to, but not including, 2025.1.7 [1].
Exploitation and Attack Surface
An attacker with local or network access to the MOVEit Automation environment could leverage the misconfigured permissions to access files or data that contain embedded secrets, such as credentials or configuration tokens. No authentication is required beyond the default access level, making the attack surface broad for users who have not tightened permissions post-installation. The vulnerability is classified as medium severity (CVSS 6.5) due to the need for some level of access, but the potential for data exposure is significant.
Impact
Successful exploitation allows an attacker to retrieve sensitive data embedded within the application, potentially leading to further compromise of the MOVEit Automation system or connected infrastructure. This could include disclosure of authentication credentials, API keys, or other confidential information used in automated workflows.
Mitigation
Progress Software has addressed this issue in MOVEit Automation 2025.0.11 and 2025.1.7. Users are strongly advised to upgrade to these or later versions. The release notes confirm the fix as part of the 2026 update cycle [1]. No workarounds are documented; applying the patch is the recommended course of action.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <2025.0.11, >=2025.1.0 <2025.1.7
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.