Progress security advisory (AV26-410)
Analysis Summary
# Vulnerability: Critical Flaws in Progress MOVEit Automation (April 2026)
## CVE Details
- **CVE ID:** CVE-2026-4670, CVE-2026-5174
- **CVSS Score:** 9.8 (Critical) - *Estimated based on vendor "Critical" classification*
- **CWE:** Not explicitly listed in the advisory summary.
## Affected Systems
- **Products:** Progress MOVEit Automation
- **Versions:**
  - 2025.1.4 and prior
  - 2025.0.8 and prior
  - 2024.1.7 and prior
  - 2024.0.0 and prior
- **Configurations:** Default installations of MOVEit Automation across the specified versions.
## Vulnerability Description
The brief advisory does not detail the specific technical mechanics (such as SQL injection or buffer overflow), but these vulnerabilities allow for critical security compromises within the MOVEit Automation environment. Given the "Critical" rating for these CVEs, they likely involve unauthorized access or remote code execution (RCE).
## Exploitation
- **Status:** Not explicitly reported as exploited in the wild at the time of advisory; however, MOVEit products are frequent targets for advanced persistent threats (APTs).
- **Complexity:** Low (Typical for Critical vulnerabilities in this product category)
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
Progress has released the following fixed versions. Upgrade to the latest service pack within your major version branch:
- **MOVEit Automation 2025.1.5** (or later)
- **MOVEit Automation 2025.0.9** (or later)
- **MOVEit Automation 2024.1.8** (or later)
- **MOVEit Automation 2024.0.1** (or later)
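
An added example, not part of the advisory or any Progress tooling: a triage helper that compares installed version strings against the fixed releases listed above and names the upgrade target per branch. The host names and inventory rows are constructed, and accepting a trailing build component (for example `2024.1.8.77`) is an assumption about how versions may be reported.

```python
import re

# Fixed patch level per (year, minor) branch, taken from the Patches list above.
FIXED = {(2025, 1): 5, (2025, 0): 9, (2024, 1): 8, (2024, 0): 1}

# year.minor.patch, optionally followed by extra build components (assumption).
_VERSION = re.compile(r"^\s*(\d{4})\.(\d+)\.(\d+)(?:\.\d+)*\s*$")


def triage(version):
    """Return (status, upgrade_target) for one installed version string."""
    m = _VERSION.match(version or "")
    if not m:
        return ("unparseable", None)
    year, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((year, minor))
    if fixed_patch is None:
        # The page lists no fixed release for this branch; check the vendor advisory.
        return ("unlisted-branch", None)
    # Compare numerically: as strings, "10" would sort before "9".
    if patch >= fixed_patch:
        return ("fixed", None)
    return ("vulnerable", f"{year}.{minor}.{fixed_patch}")


def triage_inventory(rows):
    """Group (host, version) rows by status; each entry keeps its upgrade target."""
    report = {}
    for host, version in rows:
        status, target = triage(version)
        report.setdefault(status, []).append((host, version, target))
    return report


# Constructed inventory for illustration only.
SAMPLE = [
    ("mft-prod-01", "2025.1.4"),
    ("mft-prod-02", "2025.0.10"),
    ("mft-dr-01", "2024.0.0"),
    ("mft-lab-01", "2023.1.2"),
    ("mft-lab-02", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        for host, version, target in hosts:
            print(f"{status:16} {host:12} {version:10} -> {target or '-'}")
```
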
### Workarounds
- No specific workarounds are provided. Immediate patching is the primary recommended defense.
- Restrict network access to the MOVEit Automation server to trusted IP addresses only.
## Detection
- **Indicators of Compromise:** Monitor for unusual administrative log-ins or unauthorized file transfer activities.
- **Detection methods and tools:** Review MOVEit Audit logs for unexpected "System" level changes or unfamiliar user creation. Ensure endpoint detection and response (EDR) tools are active on the host server.
## References
- **Vendor Advisory:** hxxps[://]community[.]progress[.]com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
- **CCCS Advisory:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/progress-security-advisory-av26-410