CVE-2026-5174

Published Apr 30, 2026

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-5174 is identified as an improper input validation vulnerability affecting Progress Software MOVEit Automation. This flaw enables privilege escalation within the affected software. The vulnerability impacts various versions of MOVEit Automation, specifically from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and all versions prior to 2024.0.0. This vulnerability can be combined with CVE-2026-4670, an authentication bypass flaw, to potentially achieve an unauthenticated administrative compromise.

Description
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Source
security@progress.com
NVD status
Analyzed
Products
moveit_automation

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@progress.com
CWE-20

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

2

Configurations