Critical Vulnerability in Progress MOVEit Automation (CVE-2026-4670)
Executive Summary
On April 30th, Progress Software published an alert bulletin regarding a critical vulnerability in their widely used file share product MOVEit Automation. A flaw, tracked as CVE-2026-4670, is reportedly an authentication bypass and could allow unauthenticated, remote attackers access to the system. Another high severity flaw, CVE-2026-5174 was reported in Progress’s advisory, and is a privilege escalation bug that could be used in conjunction to potentially take administrative control of the machine.
MOVEit is usually deployed on network perimeters by design and has a history of being targeted by threat actors. If successfully exploited, these vulnerabilities could allow an attacker unauthorized access to sensitive data within MOVEit and further lateral movement within an environment.
Progress has released vendor fixes for MOVEit Automation, however, did not provide any additional details about the flaws involved or confirmation of exploitation in the wild at the time of writing. Given prior targeting of MOVEit by ransomware operators and sensitive nature of data typically hosted in these solutions, Beazley Security strongly urges affected organizations update affected systems as soon as possible.
Affected Systems and Products
Mitigations and Workarounds
According to the alert bulletin from Progress, upgrading to a fixed release, using the full installer, is “the only way to remediate this issue.” If patches cannot be immediately applied, restricting network access to MOVEit Automation, especially from the internet, may help to temporarily reduce risk.
Patches
Fixes have been made available by Progress customers on a current maintenance agreement and can be found by logging into this Progress Community site. A MOVEit Automation upgrade guide has also been provided here.
Technical Details
This vulnerability is classified as an authentication bypass flaw within Progress MOVEit Automation, meaning it enables a remote, unauthenticated attacker ability to bypass authentication mechanisms entirely. No additional technical details were provided by Progress at the time of writing, nor have any been published publicly by the Airbus researchers credited with the discovery.
Due to the nature of this vulnerability, history of threat actor targeting, and sensitive information inherently stored in MOVEit solutions, Beazley Security strongly recommends patching immediately.
How Beazley Security is Responding
Beazley Security is monitoring client perimeter devices through our Exposure Management Platform to identify impacted devices and support organizations in remediation of any issues found.
We are also conducting threat hunts across our MDR environment to detect potential exploitation attempts against our clients.
If you believe your organization may have been impacted by this attack campaign and need support, please contact our Incident Response team.
Sources
Vous êtes au courant d'un incident qui a un impact sur votre secteur d'activité ? Faites-nous savoir :