Progress MOVeI Automation Critical Vulnerability Advisory (CVE-2026-4670/5174)

MOVeI Automation Critical Security Advisory (April 2026) Vulnerability Overview Vulnerability IDs: CVE-2026-4670, CVE-2026-5174 Severity: Critical Vulnerability Types: CVE-2026-4670: Authentication Bypass – Primary weakness allows authentication bypass. CVE-2026-5174: Privilege Escalation – Improper input validation allows privilege escalation. Symptoms: Unexpected privilege escalation, unauthorized access, or anomalous activity observed in audit logs. Impact: May lead to unauthorized access, loss of administrative control, and data leakage. Affected Scope The following versions of MOVeI Automation are affected by the vulnerabilities: MOVeI Automation <= 2025.1.4 MOVeI Automation <= 2025.0.8 MOVeI Automation <= 2024.1.7 Remediation Recommendation: It is strongly recommended to upgrade MOVeI Automation to the latest versions listed in the table below. Note: Upgrading to the patched version using the full installer is the only method to resolve this issue. System downtime will occur during the upgrade. Upgrade Methods: Customers with an active maintenance agreement can access upgrades by logging into Progress Community. Customers without an active maintenance agreement should contact a Progress sales representative or partner. Version Mapping Table: Additional Information Discoverers: Airbus SecLab, Anis Garet, Delphine Gourdain, Quentin Liddel, Matteo Ricordeau Release Date: April 30, 2026 Related IDs**: 101155 (Authentication Bypass Vulnerability), 101154 (Privilege Escalation Vulnerability)

Goal Reached Thanks to every supporter — we hit 100%!

Progress MOVeI Automation Critical Vulnerability Advisory (CVE-2026-4670/5174)