CVE-2026-4670

Published Apr 30, 2026

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-4670 is an authentication bypass vulnerability found in Progress Software's MOVEit Automation. This flaw allows unauthenticated, remote attackers to bypass the authentication mechanisms of the software. The vulnerability affects various versions of MOVEit Automation, specifically those from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and all versions prior to 2024.0.0.

Description
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Source
security@progress.com
NVD status
Analyzed
Products
moveit_automation

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@progress.com
CWE-305

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

2

Configurations