Progress Software Urges Global Patch for Critical MOVEit Automation Vulnerabilities
AI-generated from multiple sources. Verify before acting on this reporting.
PROVIDENCE, R.I. — Progress Software has received additional corroborating reports regarding the critical vulnerabilities in its MOVEit Automation enterprise file transfer application. The company confirmed that the security flaws, previously identified on May 4, 2026, continue to be actively exploited in the wild. The new reports indicate a broader scope of impact than initially assessed, with organizations across multiple sectors reporting unauthorized access attempts. Progress is urging all customers to prioritize the immediate deployment of patches to mitigate the risk of data breaches and system compromise. The company is working closely with affected entities to provide support and guidance on remediation efforts. No new vulnerabilities have been identified, but the urgency of the situation has been heightened by the confirmed exploitation. Progress advises administrators to monitor their systems for signs of compromise and to follow the latest security advisories for any further updates.
PROVIDENCE, R.I. (AP) — Progress Software issued an urgent advisory Monday, warning customers worldwide to immediately patch critical security flaws in its MOVEit Automation enterprise file transfer application. The company identified two vulnerabilities, one rated critical and another high-severity, that could allow attackers to bypass authentication and escalate privileges within affected systems.
The advisory, released on May 4, 2026, addresses CVE-2026-4670, a critical authentication bypass vulnerability, and CVE-2026-5174, a high-severity privilege escalation issue. Progress stated that the flaws impact MOVEit Automation software versions prior to 2025.1.5, 2025.0.9, and 2024.1.8. The company recommended that all users upgrade to the latest patched versions to mitigate the risk of unauthorized access and data compromise.
MOVEit Automation is widely used by organizations globally to manage secure file transfers. The authentication bypass vulnerability allows an unauthenticated attacker to access sensitive functions within the application, potentially exposing confidential data or enabling further system infiltration. The privilege escalation flaw could enable a low-privileged user to gain administrative control over the system.
Progress Software has not confirmed whether the vulnerabilities are currently being exploited in the wild. However, the severity of the flaws has prompted the vendor to classify the advisory as critical, urging immediate action from enterprise customers. The company emphasized that the patches are available for download through its official support channels.
This incident marks another security challenge for Progress Software, which previously faced scrutiny over vulnerabilities in its MOVEit Transfer product. The company has since implemented enhanced security protocols and monitoring systems to prevent similar issues. Industry analysts note that the widespread adoption of MOVEit Automation makes the timely patching of these vulnerabilities essential for maintaining the integrity of global file transfer networks.
Security experts recommend that organizations inventory their MOVEit Automation installations and verify their current software versions. Those running affected versions should prioritize applying the patches as soon as possible. Progress Software advised customers to follow its official patching guidelines to ensure a secure update process.
The full extent of the vulnerabilities' impact remains unclear as organizations begin assessing their exposure. Progress Software has committed to providing further updates as more information becomes available. Customers are encouraged to monitor official communications from the vendor for additional guidance.
As the cybersecurity landscape evolves, the MOVEit Automation vulnerabilities highlight the ongoing need for robust security measures in enterprise software. Organizations are urged to remain vigilant and proactive in addressing security threats to protect their critical infrastructure and sensitive data.