CVE-2026-4670 – MOVEit Automation
“A single weakness in file transfer systems can expose entire data pipelines.”
The MOVEit Automation patch addresses two serious vulnerabilities impacting secure file transfer operations. CVE-2026-4670 is a critical issue that could allow attackers to gain unauthorized access or execute actions at the highest privilege levels, threatening the integrity and confidentiality of transferred data. CVE-2026-5174 introduces a high-severity weakness that further weakens system defenses and increases exposure risk in enterprise environments handling sensitive file exchanges.
CVE-2026-4670 has a CVSS score of 9.8, which is Critical severity. CVE-2026-5174 has a CVSS score of 7.7, which is High severity. There is no verified evidence of active exploitation or publicly available proof-of-concept code for these vulnerabilities at this time.
Key Details
- Affected Product
- Progress Moveit Automation
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-305