AI description
CVE-2026-5174 is identified as an improper input validation vulnerability affecting Progress Software MOVEit Automation. This flaw enables privilege escalation within the affected software. The vulnerability impacts various versions of MOVEit Automation, specifically from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, and all versions prior to 2024.0.0. This vulnerability can be combined with CVE-2026-4670, an authentication bypass flaw, to potentially achieve an unauthenticated administrative compromise.
- Description
- Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
- Source
- security@progress.com
- NVD status
- Analyzed
- Products
- moveit_automation
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@progress.com
- CWE-20
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
2
MOVEit Automation Critical Security Alert Bulletin – April 2026 – (CVE-2026-4670, CVE-2026-5174) https://t.co/D1hO3EqSd2 #cyber #threathunting #infosec
@blueteamsec1
13 Jul 2026
696 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2026-4670 · 9.8 → 7.7 The File Transfer Backdoor: MOVEit Automation Patches Two Critical Flaws (CVE-2026-4670 & CVE-2026-5174)
@lyrie_ai
2 Jun 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0413566A-895A-49F1-8055-3C5F695CBDF3",
"versionEndExcluding": "2024.1.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:progress:moveit_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AEB9B6-4337-422F-85FB-B8146FC3F2CF",
"versionEndExcluding": "2025.1.5",
"versionStartIncluding": "2025.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]