Ctrl + K
/ news / CVE
CVEPublished 2026-04-30Modified 2026-05-041 article on news5 live referencesNVD data

CVE-2026-4670Progress · Moveit_automation

Vulnerability data via NVD (ingested)

CVSS v3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
22
Exploit Prediction Scoring System · top 78% of all CVEs
Weaknesses (CWE)
CWE-305Authentication Bypass by Primary Weakness
Description

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Timeline
Published 2026-04-30
Modified 2026-05-04

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-4670
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Progress Moveit Automation"
All exposed Progress Moveit Automation instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Moveit Automation"
HTTP body or banner mentions "Moveit Automation" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-4670
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-4670
Censys host search filtered to this CVE id.
grep.app
CVE-2026-4670
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-4670
GitHub code search for direct mentions.
Google dork
"CVE-2026-4670" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (5)

CVE-2026-46705 repos
vulnerability-lookup/VulnMCPPython
A modular MCP server providing AI-driven vulnerability management skills, including severity classification and automated insights.
★ 28·updated 5d ago
gcve-eu/gcvePython
A Python client for the Global CVE Allocation System.
★ 18·updated 2w ago
liuzhen9320/zstarunknown
They said organizing stars was extremely troublesome, so I lent a hand.
★ 3·updated 5d ago
ryansketch02-C3PO/intel-repositoryHTML
C3PO unified intelligence repository — threats, infrastructure, archives, and R&D
★ 2·updated 1w ago
maheshndev/awesome-reposHTML
Awesome Repositories - Explore top-rated GitHub repositories curated for developers—tools, libraries, and projects to boost productivity and learning in one place. Discover the bes…
★ 2·updated 1w ago
Articles on news mentioning CVE-2026-4670