=====================================================================
                             CERT-Renater

                  Information Note No. 2026/VULN458
_____________________________________________________________________

DATE                 : 05/05/2026

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running MOVEit Automation versions prior to
                       2025.1.5, 2025.0.9, 2024.1.8.

=====================================================================
https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
_____________________________________________________________________

MOVEit Automation Critical Security Alert Bulletin – April 2026 – (CVE-2026-4670, CVE-2026-5174)

30 Apr 2026
Article Number 000299808

Description

Critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces.

What are the symptom(s)?

Unexpected privilege escalation, unauthorized access, or anomalous activity observed via the audit logs.

What are the impact(s)?

Exploitation may lead to unauthorized access, administrative control, and data exposure.

Affects:
* MOVEit Automation <= 2025.1.4
* MOVEit Automation <= 2025.0.8
* MOVEit Automation <= 2024.1.7

If you have any questions or concerns related to this issue, please log in to open a new Technical Support case: https://community.progress.com/s/supportlink-landing. Technical Support is available to MOVEit Automation customers under warranty and active maintenance.
If your version is no longer supported as part of the product lifecycle (https://community.progress.com/s/products/moveit/product-lifecycle), you should upgrade to a supported and fixed version.

Issue

CWE Type (Authentication Bypass) – (CVE-2026-4670)
CWE Type (Privilege Escalation) – (CVE-2026-5174)

Discoverer Credit:
* Airbus SecLab (https://airbus-seclab.github.io/)
* Anaïs Gantet (vuln@airbus.com)
* Delphine Gourdou (vuln@airbus.com)
* Quentin Liddell (vuln@airbus.com)
* Matteo Ricordeau (vuln@airbus.com)

In Progress MOVEit Automation before 2025.1.5, 2025.0.9, 2024.1.8, an authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

An improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.0.0 before 2025.1.5, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

What action(s) do I need to take?

Solution

We have addressed the vulnerability and the Progress MOVEit Automation team strongly recommends performing an upgrade to the latest version listed in the table below.

PLEASE NOTE: Upgrading to a patched release, using the full installer, is the only way to remediate this issue. There will be an outage to the system while the upgrade is running.

For all customers on a current maintenance agreement, the upgrade can be accessed by logging into the Progress Community - https://community.progress.com/s/, or by clicking on one of the links below. Customers that are not on a current maintenance agreement should contact a Progress Sales Representative or their respective Partner.

To confirm your current version of MOVEit Automation, please open the MOVEit Automation Web Admin, go to Help → About, and review the version information displayed.
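
As an added example (not part of the Progress bulletin or the CERT-Renater note), the following Python script checks reported version strings against the affected and fixed releases this bulletin lists. The host names and inventory are constructed, and mapping internal numbers 17.x and 16.x to 2025.x and 2024.x is an assumption inferred from the pairs shown in the bulletin's version table.

```python
import re

# Fixed release for each supported branch, as listed in the bulletin's table.
FIXED = {(2025, 1): (2025, 1, 5), (2025, 0): (2025, 0, 9), (2024, 1): (2024, 1, 8)}
# Internal major number -> release year. Assumption inferred from the table's
# pairs (2025.1.4 = 17.1.4, 2024.1.7 = 16.1.7); not stated as a rule there.
INTERNAL_MAJOR = {17: 2025, 16: 2024}

def parse_version(text):
    """Extract (year, minor, patch) from a Help > About style version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (INTERNAL_MAJOR.get(major, major), minor, patch)

def assess(text):
    """Return (status, upgrade_target) for one reported version string."""
    try:
        version = parse_version(text)
    except ValueError:
        return ("unparsed", None)
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        if version >= fixed:
            return ("fixed", None)
        return ("affected", ".".join(map(str, fixed)))
    if version < min(FIXED.values()):
        # Older branch: affected, and the fix is a move to a supported release.
        return ("affected-no-branch-fix", None)
    return ("not-listed", None)  # branch the bulletin does not mention

def triage(inventory):
    """Map host -> (status, target) for every host not confirmed fixed."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {h: r for h, r in sorted(results.items()) if r[0] != "fixed"}

# Constructed inventory: host names and version strings are made up.
SAMPLE = {
    "mia-prod-01": "MOVEit Automation 2025.1.4",
    "mia-prod-02": "17.0.9",
    "mia-dr-01": "2024.1.7",
    "mia-legacy": "2023.1.2",
    "mia-test": "version unknown",
}

if __name__ == "__main__":
    for host, (status, target) in triage(SAMPLE).items():
        print(f"{host}: {status}" + (f", upgrade to {target}" if target else ""))
```

Hosts reported as "unparsed" or "not-listed" need a manual check in the Web Admin rather than being treated as safe.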

Affected Versions                                 Fixed Version                Documentation
MOVEit Automation 2025.1.4 (17.1.4) and earlier   MOVEit Automation 2025.1.5   https://docs.progress.com/bundle/moveit-automation-install-2025/page/Upgrade-MOVEit-Automation.html
MOVEit Automation 2025.0.8 (17.0.8) and earlier   MOVEit Automation 2025.0.9   https://docs.progress.com/bundle/moveit-automation-install-2025/page/Upgrade-MOVEit-Automation.html
MOVEit Automation 2024.1.7 (16.1.7) and earlier   MOVEit Automation 2024.1.8   https://docs.progress.com/bundle/moveit-automation-install-2024/page/Upgrade-MOVEit-Automation.html

Additional Information

To receive email notifications for Product and Security Updates like this, please log into the Progress Community Portal and sign up for our Progress Alert and Notification Service (PANS). Please see our FAQ page regarding Frequently Asked Questions (FAQ) for Progress Alert Notifications (PANS).

Release Notes Updates

To be added to the Fixed Issues list for release notes in 2025.1.5, 2025.0.9 and 2024.1.8:

ID       Category   Fixed Issue
101155   Security   Authentication Bypass Vulnerability
101154   Security   Privilege Escalation Vulnerability

Last Modified Date 30/04/2026 15:00

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================