MOVEit Automation hit by critical auth bypass; users urged to upgrade

May 4, 2026 at 08:03 PM

•

1 min read

MOVEit Automation hit by critical auth bypass; users urged to upgrade — Photo: BleepingComputer

TL;DR Summary

Progress Software warned of a critical authentication bypass in MOVEit Automation (CVE-2026-4670) affecting older builds, with remote attackers able to exploit it without privileges or user interaction. Upgrading to the patched release via the full installer is the recommended remediation, and expect an outage during the upgrade. The advisory also covers a high-severity privilege-escalation flaw (CVE-2026-5174). Shodan data shows about 1,400 MOVEit Automation instances publicly exposed online, including some tied to U.S. government agencies, underscoring the urgency of patching amid MOVEit’s history of exploited vulnerabilities.

Topics:technology #authentication-bypass #cve-2026-4670 #cve-2026-5174 #exposed-online #moveit-automation #security

Share this article

Progress warns of critical MOVEit Automation auth bypass flaw BleepingComputer
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass The Hacker News
Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Help Net Security
Critical MOVEit Vulnerabilities Enables Authentication Bypass CyberSecurityNews
New MOVEit vulnerabilities prompt urgent vendor warning Cybersecurity Dive

Reading Insights

Total Reads

Unique Readers

Time Saved

3 min

vs 4 min read

Condensed

87%

650 → 85 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights