How to find Progress MOVEit Automation installations on your network

Progress Software disclosed two MOVEit Automation vulnerabilities: CVE-2026-4670 (critical, CVSS 9.8 — authentication bypass allowing unauthenticated unauthorized access) and CVE-2026-5174 (high, CVSS 7.7 — improper input validation enabling privilege escalation). Affected releases include MOVEit Automation 2024.1.7 and earlier, 2025.0.8 and earlier, and 2025.1.4 and earlier (the latter only for CVE-2026-5174); users are urged to upgrade to 2024.1.8+, 2025.0.9+, or 2025.1.5+ as applicable. The advisory also includes a runZero service-inventory query to help identify impacted systems.