CVE-2026-4670 & CVE-2026-5174: MOVEit Automation Flaws Enable Auth Bypass and Privilege Escalation

This advisory details two critical MOVEit Automation vulnerabilities (CVE-2026-4670 and CVE-2026-5174) that can be chained from unauthenticated access to privilege escalation, potentially yielding administrative control and data exposure; it lists affected and fixed versions (2025.1.5 / 2025.0.9 / 2024.1.8), notes no confirmed in-the-wild exploitation as of May 5, 2026, and recommends urgent patching, network restrictions, and enhanced monitoring.