CVE-2026-4670

April 30, 2026, 5:20 p.m.

9.8
Critical

Description

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Product(s) Impacted

Vendor Product Versions
Progress
  • Moveit Automation
  • 2025.0.0-2025.0.9, 2024.0.0-2024.1.8, <2024.0.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a progress moveit_automation 2025.0.0-2025.0.9 / / / / / / /
a progress moveit_automation 2024.0.0-2024.1.8 / / / / / / /
a progress moveit_automation <2024.0.0 / / / / / / /

References

https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174

Tags

CWE-305
[email protected]
2026-04-30
CVE-2026-4670

CVSS Score

9.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: April 30, 2026, 4:16 p.m.
Last Modified: April 30, 2026, 5:20 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.