Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

MOVEit automation flaws could enable full system compromise

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access […]

MOVEit Transfer welltok

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems.

Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access or elevate privileges.

MOVEit Automation is an enterprise managed file transfer (MFT) solution developed by Progress Software. It’s designed to securely move, schedule, and automate file transfers between systems, applications, and partners, without needing custom scripts.

MOVEit Automation is widely used to manage and automate file transfers in enterprise environments.

“Critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces” reads the advisory. “Exploitation may lead to unauthorized access, administrative control, and data exposure.”

The vulnerabilities impact the following versions:

  • MOVEit Automation <= 2025.1.4
  • MOVEit Automation <= 2025.0.8
  • MOVEit Automation <= 2024.1.7

Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau discovered and reported the vulnerabilities.

According to the advisory, no workarounds are available.

Flaws like this are especially dangerous because they can be weaponized quickly and at scale once discovered.

A vulnerability such as an authentication bypass or privilege escalation can let attackers gain access to many systems in a short time, especially when the affected software is widely used in enterprises. Once a working exploit exists, it often gets reused in large automated campaigns, not just targeted attacks.

This is what happened in past incidents involving ransomware groups like Clop ransomware group. They repeatedly abused vulnerabilities in file transfer systems (like MOVEit in 2023) to steal data from hundreds of organizations at once, before victims even had time to patch.

In August 2023, cybersecurity firm Emsisoft shared disconcerting details about a massive hacking campaign conducted by the Cl0p ransomware group that targeted the MOVEit Transfer file transfer platform designed by Progress Software Corporation.

According to the experts, the attacks impacted approximately 1,000 Organizations and 60,144,069 individuals. The Cl0p ransomware gang exploited the zero-day vulnerability CVE-2023-34362 to hack the platforms used by organizations worldwide and steal their data.

That’s why these bugs are high-risk: they don’t just affect one company, they can become the entry point for mass exploitation, data theft, and ransomware extortion campaigns worldwide.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, MOVEit Automation)