PT-2026-36123 · Progress · Moveit Automation

Airbus Seclab

Published

2026-04-30

Updated

2026-06-05

CVE-2026-4670

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MOVEit Automation versions prior to 2024.1.8 MOVEit Automation versions 2024.0.0 through 2024.1.7 MOVEit Automation versions 2025.0.0 through 2025.0.8

Description An improper authentication flaw allows attackers to bypass authentication entirely. This can lead to unauthorized administrative control, data exposure, privilege escalation, and lateral movement across enterprise networks.

Recommendations Update versions prior to 2024.0.0 to version 2024.1.8 or later. Update versions 2024.0.0 through 2024.1.7 to version 2024.1.8 or later. Update versions 2025.0.0 through 2025.0.8 to version 2025.0.9 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-305

Related Identifiers

BDU:2026-07888

CVE-2026-4670

Affected Products

Moveit Automation

PT-2026-36123 · Progress · Moveit Automation

CVE-2026-4670

Weakness Enumeration

Related Identifiers

Affected Products

References · 48