Progress Releases Patches for Critical Vulnerabilities in MOVEit Automation

Progress has released patches for MOVEit Automation to address a critical authentication bypass vulnerability, CVE-2026-4670, which allows remote access without credentials. The update also fixes CVE-2026-5174, a privilege escalation flaw that could worsen the impact if an attacker gains initial access. The patch requires a full installer deployment and necessitates a temporary service shutdown. No specific exploitation or public disclosure details were provided, and the vulnerabilities affect unspecified versions of MOVEit Automation. The fixes were announced in May 2026.