Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) (opens in new tab)

Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an upgrade to a fixed version is “strongly” advised. CVE-2026-4670 and CVE-2026-5174...