Progress warns of critical MOVEit Automation auth bypass flaw

Progress Software warned customers to patch a critical authentication bypass vulnerability (CVE-2026-4670) in MOVEit Automation that allows remote, unauthenticated attackers to bypass authentication in low-complexity, no-interaction attacks. The company released patched updates (along with a fix for a related privilege escalation flaw, CVE-2026-5174), recommended upgrading with the full installer despite an expected outage, and noted over 1,400 online instances, some of them tied to U.S. government agencies. #MOVEitAutomation #Clop

Key points

  • A critical authentication bypass (CVE-2026-4670) impacts MOVEit Automation versions before 2025.1.5, 2025.0.9, and 2024.1.8.
  • Remote attackers can exploit the flaw without privileges in low-complexity, no-interaction attacks.
  • Progress recommends upgrading to patched releases using the full installer, and warns the upgrade will cause a system outage.
  • A separate high-severity privilege escalation (CVE-2026-5174) was also patched in the same software.
  • Shodan searches identified over 1,400 exposed MOVEit Automation instances, including more than a dozen linked to U.S. local and state governments.
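
For triaging an asset inventory against the fixed releases listed above, the following is an added example (not code from Progress or from the linked article). It assumes versions are recorded as `YYYY.minor.patch` strings; the host names and the status labels are constructed for illustration.

```python
import re

# Fixed release per branch, taken from the key points above:
# 2025.1.5, 2025.0.9 and 2024.1.8.
FIXED_PATCH = {(2025, 1): 5, (2025, 0): 9, (2024, 1): 8}

# Assumption: versions look like "2025.1.4", optionally with a build suffix.
VERSION_RE = re.compile(r"\s*(\d{4})\.(\d+)\.(\d+)(?:\.\d+)*\s*")


def classify(version: str) -> str:
    """Return 'vulnerable', 'patched', 'check-advisory' or 'unparseable'."""
    m = VERSION_RE.fullmatch(version)
    if not m:
        return "unparseable"
    year, minor, patch = (int(g) for g in m.groups())
    fixed = FIXED_PATCH.get((year, minor))
    if fixed is None:
        # Branch not named on this page: do not guess, consult the advisory.
        return "check-advisory"
    # Compare numerically so that 2025.0.10 sorts after 2025.0.9.
    return "patched" if patch >= fixed else "vulnerable"


def triage(inventory: dict) -> dict:
    """Map each host to its status; anything not 'patched' needs follow-up."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "mft-prod-01": "2025.1.4",
    "mft-prod-02": "2025.1.5",
    "mft-dr-01": "2025.0.10",
    "mft-test-01": "2024.1.7",
    "mft-legacy-01": "2023.1.2",
    "mft-lab-01": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:15} {SAMPLE_INVENTORY[host]:10} {status}")
```
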

Read More: https://www.bleepingcomputer.com/news/security/moveit-automation-customers-warned-to-patch-critical-auth-bypass-flaw/