Cyber Resilience

CVE-2026-8487

Medium

Published: 20 May 2026

Published
20 May 2026
Modified
21 May 2026
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0027 18.8th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8487 is a medium-severity Incorrect Default Permissions (CWE-276) vulnerability in Progress Moveit Automation. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 18.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

CWE-276 incorrect default permissions directly exposes embedded sensitive data (credentials) in files, mapping to T1552.001.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4670Same product: Progress Moveit Automation
CVE-2026-8486Same product: Progress Moveit Automation
CVE-2026-5174Same product: Progress Moveit Automation
CVE-2026-8485Same product: Progress Moveit Automation
CVE-2026-8488Same product: Progress Moveit Automation
CVE-2025-13447Same product class: managed file transfer
CVE-2025-11235Same product class: managed file transfer
CVE-2025-2324Same product class: managed file transfer
CVE-2023-34362Same product class: managed file transfer
CVE-2025-13444Same product class: managed file transfer

Affected Assets

progress
moveit automation
≤ 2025.0.11 · 2025.1.0 — 2025.1.7

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-276

Access control policy can specify and enforce secure default permissions for resources.

addresses: CWE-276

Guides setting of default permissions to the minimum required level.

addresses: CWE-276

Establishes requirements for appropriate default permissions on system resources as part of configuration management.

addresses: CWE-276

Baseline establishment and updates on install/upgrade ensure correct default permissions rather than insecure ones.

addresses: CWE-276

Requiring the most restrictive settings instead of defaults prevents incorrect default permissions on resources.

addresses: CWE-276

Requires documented processes that include setting and maintaining correct default permissions for configuration items.

addresses: CWE-276

Requires addressing secure default permissions in physical and environmental protection controls.

addresses: CWE-276

Tailoring explicitly overrides or scopes default permission assignments in the baseline to match the system's actual risk and operational needs.

References