- Last update: 04/05/2026
- Affected software:
→ MOVEit Automation <= 2025.1.4
→ MOVEit Automation <= 2025.0.8
→ MOVEit Automation <= 2024.1.7
- Type:
→ CWE-305 - Authentication Bypass by Primary Weakness (CVE-2026-4670)
→ CWE-20 - Improper Input Validation (CVE-2026-5174)
- CVE/CVSS:
→ CVE-2026-4670: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2026-5174: CVSS 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
Official Manufacturer - https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
A critical-severity authentication bypass vulnerability and a high-severity privilege escalation vulnerability affecting Progress MOVEit Automation have been disclosed. Successful exploitation allows an unauthenticated remote attacker to gain administrative access to the vulnerable service. This has a severe impact on the Confidentiality, Integrity, and Availability of the system, potentially granting full control over the application and its sensitive file transfer workflows.
While there is currently no evidence of active exploitation in the wild, the historical targeting of Managed File Transfer (MFT) solutions by advanced persistent threats (APTs) and ransomware affiliates (such as the Cl0p ransomware campaigns targeting MOVEit Transfer in 2023) elevates the urgency of this threat.
CVE-2026-4670, CVSS: 9.8
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
CVE-2026-5174, CVSS: 7.7
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
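The version ranges in the two CVE descriptions above can be applied to an asset inventory, as in this added example (not part of the CCB advisory or any Progress tooling). The host names and version strings are constructed, and the three-part version format with an optional fourth build field is an assumption.

```python
import re

# Ranges transcribed from the CVE descriptions in this advisory, as
# (first affected version, first fixed version) per release branch.
CVE_RANGES = {
    "CVE-2026-4670": [((2025, 0, 0), (2025, 0, 9)), ((2024, 0, 0), (2024, 1, 8))],
    "CVE-2026-5174": [((2025, 1, 0), (2025, 1, 5)), ((2025, 0, 0), (2025, 0, 9)),
                      ((2024, 0, 0), (2024, 1, 8))],
}
LEGACY_CUTOFF = (2024, 0, 0)  # both descriptions: "versions prior to 2024.0.0"
# The CVE-2026-4670 description names no 2025.1 range, although the affected
# software list includes 2025.1.4 and earlier; any hit means "update".

def parse_version(text):
    """Return (major, minor, patch); an optional fourth build field is ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def affected_cves(version_text):
    """List the CVEs from this advisory that apply to one installed version."""
    v = parse_version(version_text)
    return [cve for cve, ranges in CVE_RANGES.items()
            if v < LEGACY_CUTOFF or any(lo <= v < fixed for lo, fixed in ranges)]

def triage(inventory):
    """Map host -> CVE list, or None when the version string needs manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = affected_cves(version_text)
        except ValueError:
            report[host] = None
    return report

# Constructed inventory: hypothetical host names and version strings.
SAMPLE_INVENTORY = {
    "mft-prod-01": "2025.1.4", "mft-prod-02": "2025.0.8", "mft-dr-01": "2024.1.8",
    "mft-legacy": "2023.1.2", "mft-test": "unknown",
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        if cves is None:
            print(f"{host}: version unreadable, review manually")
        else:
            print(f"{host}: {', '.join(cves) or 'outside the affected ranges'}")
```

Hosts whose version string cannot be parsed are reported separately so they are not silently treated as unaffected.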
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Update to version:
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-4670
NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-5174