CVE-2026-8488
Description
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Progress Software MOVEit Automation is vulnerable to resource exhaustion via unrestricted allocation, leading to excessive resource consumption.
Vulnerability
Analysis
CVE-2026-8488 describes an allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation. The root cause is the software's failure to impose limits or throttling on resource allocation, allowing excessive allocation that can exhaust system resources [1].
Exploitation
An attacker can exploit this vulnerability by sending crafted requests that trigger uncontrolled resource allocation. The attack requires network access to the MOVEit Automation service, but according to the CVSS score of 4.3 (Medium), no authentication is needed, making it accessible to unauthenticated remote attackers.
Impact
Successful exploitation results in excessive resource consumption, leading to denial of service (DoS). The application may become unresponsive or crash, disrupting automated file transfer operations.
Mitigation
Progress Software has addressed this issue in MOVEit Automation versions 2025.0.11 and 2025.1.7. Users should upgrade to these patched versions or later to remediate the vulnerability [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <2025.0.11 || >=2025.1.0 <2025.1.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.