CVE-2026-5174
Description of the Vulnerability
The vulnerability CVE-2026-5174 is a Improper Input Validation flaw in Progress Software's MOVEit Automation. This issue allows attackers to exploit a privilege escalation vector, enabling unauthorized access or modification of system resources. The vulnerability is classified as HIGH severity with a CVSS score of 7.7, indicating significant potential for exploitation.Systems Affected
The vulnerability impacts the following versions of MOVEit Automation: - MOVEit Automation 2025.1.0 through 2025.1.4 (before version 2025.1.5) - MOVEit Automation 2025.0.0 through 2025.0.8 (before version 2025.0.9) - MOVEit Automation 2024.0.0 through 2024.1.7 (before version 2024.1.8) - All versions prior to 2024.0.0 Users of these affected versions are advised to apply the latest security patches to mitigate the risk.Impact and Exploitability
This vulnerability allows an attacker with access to the system to escalate privileges, potentially leading to unauthorized control or data exfiltration. The CVSS score reflects the high severity of the flaw, as it can be exploited remotely (AV:N) without user interaction (UI:N). Attackers could leverage this flaw to bypass authentication mechanisms or gain administrative access to the MOVEit Automation server.Indicators of Compromise (IOCs)
No public Indicators of Compromise (IOCs) are available for CVE-2026-5174 at the time of this report.Note: The absence of publicly shared IOCs means organizations should focus on patching and monitoring for unusual activity related to MOVEit Automation.