A security bulletin issued by the French CERT on 30 April 2026 reports several critical vulnerabilities in Progress MOVEit Automation software. The flaws allow attackers to bypass security policies and elevate privileges, potentially gaining unauthorized access to protected data. The issues were identified by the vendor’s internal security team and reported to the national CERT. The vulnerabilities affect MOVEit Automation releases 2024.1.x earlier than 2024.1.8, 2025.0.x earlier than 2025.0.9, and 2025.1.x earlier than 2025.1.5. The report references CVE‑2026‑4670 and CVE‑2026‑5174. Users are advised to consult the vendor’s security alert for patches and to upgrade to the latest supported version. The CERT recommends immediately applying the vendor‑provided patches, as the vulnerabilities can be exploited remotely without authentication, and failure to do so could expose systems to exploitation.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.