Improper Access Control Vulnerability in Progress MOVEit Automation_CVE-2026-5174

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Description

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.

This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Basic Information

ID CVE-2026-5174

Source ProgressSoftware

Published Apr 30, 2026 at 15:07

Affected Product

Vendor Progress Software

Product MOVEit Automation

Version 2025.1.0

Affected Versions Progress Software MOVEit Automation 2025.1.0
Progress Software MOVEit Automation 2025.0.0
Progress Software MOVEit Automation 2024.0.0
Progress Software MOVEit Automation 0

CWE Classification

CWE-20

References

community.progress.com /s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174

{
    "lastseen": "",
    "description": "Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.\n\nThis issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.",
    "published": "2026-04-30T15:07:21.589Z",
    "modified": "2026-04-30T15:07:21.589Z",
    "type": "cve",
    "title": "Improper Access Control Vulnerability in Progress MOVEit Automation",
    "source": "ProgressSoftware",
    "references": "https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174",
    "id": "CVE-2026-5174",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Progress Software MOVEit Automation 2025.1.0\nProgress Software MOVEit Automation 2025.0.0\nProgress Software MOVEit Automation 2024.0.0\nProgress Software MOVEit Automation 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MOVEit Automation",
    "version": "2025.1.0",
    "vendor": "Progress Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}