CVE-2026-5174

7.7

High

Published:30 Apr 2026

Last updated:17 Jun 2026

Source:security@progress.com

Analyzed

Weakness (CWE)

CWE-20Improper Input Validation

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: None
Availability: High

View on MITRE Find PoC on GitHub

Description

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

References

security@progress.com

https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174