MOVEit automation flaws could enable full system compromise


Pierluigi Paganini
May 04, 2026

Progress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems.

Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-4670 and a privilege escalation issue tracked as CVE-2026-5174. If exploited, these bugs could allow attackers to gain unauthorized access or elevate privileges.

MOVEit Automation is an enterprise managed file transfer (MFT) product from Progress Software. It schedules and automates file transfers between systems, applications, and business partners without custom scripting, which is why it is commonly deployed in enterprise environments, often with access to sensitive data flows.

“Critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces,” reads the advisory. “Exploitation may lead to unauthorized access, administrative control, and data exposure.”

The vulnerabilities impact the following versions:

  • MOVEit Automation <= 2025.1.4
  • MOVEit Automation <= 2025.0.8
  • MOVEit Automation <= 2024.1.7
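The advisory gives only the last vulnerable release on each branch, so a naive string comparison (where "2025.1.10" sorts before "2025.1.4") will mis-triage hosts. The following script is an added example, not code from Progress or from this article: it compares version components numerically, decides per branch whether a build is at or below the listed ceiling, and reports builds on branches the advisory does not mention separately rather than marking them safe. The hostnames and version values in the sample inventory are constructed for illustration and are not the fixed releases.

```python
# Added example (not from the Progress advisory or this article): branch-aware
# triage of MOVEit Automation version strings against the ceilings the advisory
# lists. Components are compared numerically; a build is "affected" only when it
# sits on one of the three listed branches and is at or below that branch's last
# vulnerable release. Builds on unlisted branches are flagged for follow-up.

from typing import Dict, Iterable, Tuple

# Last vulnerable release on each affected branch, taken from the advisory.
# Key = (major, minor) branch; value = full ceiling version on that branch.
AFFECTED_CEILINGS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (2025, 1): (2025, 1, 4),
    (2025, 0): (2025, 0, 8),
    (2024, 1): (2024, 1, 7),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2025.1.4' into (2025, 1, 4); rejects non-numeric components."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MOVEit Automation version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return 'affected', 'above_ceiling', or 'unlisted' for one version string."""
    v = parse_version(version)
    branch = (v[0], v[1])
    ceiling = AFFECTED_CEILINGS.get(branch)
    if ceiling is None:
        # e.g. 2023.x: not in the advisory's list. It may be end-of-life and
        # unfixed, so do not assume it is safe; investigate instead.
        return "unlisted"
    # Tuple comparison is numeric and element-wise, so 2025.1.10 > 2025.1.4.
    # Only the first three components are compared, so a build like
    # 2025.1.4.0 is treated as 2025.1.4 (still affected).
    return "affected" if v[:3] <= ceiling else "above_ceiling"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map hostname -> assessment for an iterable of (host, version) pairs."""
    return {host: assess(ver) for host, ver in inventory}


# Constructed sample inventory: hypothetical hostnames and version strings.
SAMPLE_INVENTORY = [
    ("mft-prod-01", "2025.1.4"),
    ("mft-prod-02", "2025.1.5"),
    ("mft-dr-01", "2024.1.7"),
    ("mft-legacy", "2023.1.2"),
    ("mft-test", "2025.0.10"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12s} {result}")
```

Feed it the output of whatever inventory source records the installed MOVEit Automation build on each host; anything reported as "unlisted" needs a manual check against Progress's support lifecycle rather than being closed as not vulnerable.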

Airbus SecLab researchers Anaïs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau discovered and reported the vulnerabilities.

According to the advisory, no workarounds are available, so upgrading to a fixed release is the only remediation.

Flaws like this are especially dangerous because they can be weaponized quickly and at scale once discovered. An authentication bypass or privilege escalation in widely deployed enterprise software lets attackers compromise many systems in a short time, and once a working exploit exists it is typically reused in large automated campaigns rather than only in targeted attacks.

This is what happened in past incidents involving ransomware groups such as Cl0p, which repeatedly abused vulnerabilities in file transfer products (including MOVEit Transfer in 2023) to steal data from hundreds of organizations at once, before victims had time to patch.

In August 2023, cybersecurity firm Emsisoft shared disconcerting details about a massive hacking campaign conducted by the Cl0p ransomware group that targeted the MOVEit Transfer file transfer platform designed by Progress Software Corporation.

According to the experts, the attacks impacted approximately 1,000 organizations and 60,144,069 individuals. The Cl0p ransomware gang exploited the zero-day vulnerability CVE-2023-34362 to compromise MOVEit Transfer instances used by organizations worldwide and steal their data.

That is why these bugs are high-risk: they do not affect just one company, they can become the entry point for mass exploitation, data theft, and ransomware extortion campaigns worldwide.
