Cyber Resilience

CVE-2026-5174

Severity: High
Published: 30 April 2026
Modified: 04 May 2026
KEV Added: not listed
Patch: available (vendor bulletin)
CVSS Score v3.1: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0324 (86.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-5174 is a high-severity Improper Input Validation (CWE-20) vulnerability in Progress MOVEit Automation. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 13.2% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5174 is an improper input validation vulnerability (CWE-20) in Progress Software's MOVEit Automation that enables privilege escalation. The issue affects MOVEit Automation versions from 2025.1.0 prior to 2025.1.5, from 2025.0.0 prior to 2025.0.9, from 2024.0.0 prior to 2024.1.8, and all versions prior to 2024.0.0. It has a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H), indicating high severity due to its network accessibility, low complexity, and potential for scope change with high availability impact.

An attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity and no user interaction required. Successful exploitation allows privilege escalation, potentially leading to high availability disruption (A:H) within the affected scope, though it does not impact confidentiality or integrity directly.

Progress Software has issued a Critical Security Alert Bulletin addressing CVE-2026-5174 (alongside CVE-2026-4670), available at https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174, which details patching instructions for vulnerable versions. Security practitioners should apply the recommended updates promptly to mitigate the risk.


Vulnerability details

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

CWE(s): CWE-20 (Improper Input Validation)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE explicitly describes an improper input validation vulnerability that enables privilege escalation from low-privileged network access, directly matching the definition of Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2026-8486: same product (Progress MOVEit Automation)
- CVE-2026-8487: same product (Progress MOVEit Automation)
- CVE-2026-8485: same product (Progress MOVEit Automation)
- CVE-2026-8488: same product (Progress MOVEit Automation)
- CVE-2026-4670: same product (Progress MOVEit Automation)
- CVE-2025-2324: same product class (managed file transfer)
- CVE-2025-11235: same product class (managed file transfer)
- CVE-2025-13447: same product class (managed file transfer)
- CVE-2025-13444: same product class (managed file transfer)
- CVE-2023-34362: same product class (managed file transfer)

Affected Assets

Vendor: Progress
Product: MOVEit Automation
Versions: ≤ 2024.1.8 · 2025.0.0 to 2025.1.5

Mitigating Controls (NIST 800-53 r5)

- SI-10 Information Input Validation (prevent): Directly requires the system to validate inputs, comprehensively addressing the improper input validation (CWE-20) that enables privilege escalation in this CVE.
- SI-2 Flaw Remediation (prevent): Mandates timely identification, reporting, and correction of system flaws like CVE-2026-5174 through patching vulnerable MOVEit Automation versions.
- AC-6 Least Privilege (prevent): Enforces least privilege to limit the privileges available for escalation and to reduce the impact of exploitation from low-privilege (PR:L) access.
