MOVEit Automation hit by critical auth bypass; users urged to upgrade
Progress Software warned of a critical authentication bypass in MOVEit Automation (CVE-2026-4670) affecting older builds, with remote attackers able to exploit it without privileges or user interaction. Upgrading to the patched release via the full installer is the recommended remediation, and expect an outage during the upgrade. The advisory also covers a high-severity privilege-escalation flaw (CVE-2026-5174). Shodan data shows about 1,400 MOVEit Automation instances publicly exposed online, including some tied to U.S. government agencies, underscoring the urgency of patching amid MOVEit’s history of exploited vulnerabilities.