CVE-2026-5174
Published: 30 April 2026
Summary
CVE-2026-5174 is a high-severity Improper Input Validation (CWE-20) vulnerability in Progress MOVEit Automation. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks in the 27.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- Directly requires the system to validate inputs, comprehensively addressing the improper input validation (CWE-20) that enables privilege escalation in this CVE.
- Mandates timely identification, reporting, and correction of system flaws like CVE-2026-5174 through patching vulnerable MOVEit Automation versions.
- Enforces least privilege to limit the privileges available for escalation and mitigate the impact of exploitation from low-privilege (PR:L) access.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The CVE explicitly describes an improper input validation vulnerability that enables privilege escalation from low-privileged network access, directly matching the definition of Exploitation for Privilege Escalation.
NVD Description
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
Deeper analysis [AI]
CVE-2026-5174 is an improper input validation vulnerability (CWE-20) in Progress Software's MOVEit Automation that enables privilege escalation. The issue affects MOVEit Automation versions from 2025.1.0 prior to 2025.1.5, from 2025.0.0 prior to 2025.0.9, from 2024.0.0 prior to 2024.1.8, and all versions prior to 2024.0.0. It has a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H), indicating high severity due to its network accessibility, low complexity, and potential for scope change with high availability impact.
An attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity and no user interaction required. Successful exploitation allows privilege escalation, potentially leading to high availability disruption (A:H) within the affected scope, though it does not impact confidentiality or integrity directly.
Progress Software has issued a Critical Security Alert Bulletin addressing CVE-2026-5174 (alongside CVE-2026-4670), available at https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174, which details patching instructions for vulnerable versions. Security practitioners should apply the recommended updates promptly to mitigate the risk.
Details
- CWE(s)