CVE-2026-8487

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

medium 6.5 CVSS 3.1
Published: May 20, 2026
Modified: May 21, 2026
Vendor: Progress
Product: Moveit Automation

Description

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data.

This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

References

Related CVEs

CVE-2026-8486 medium · 5.3
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11,
CVE-2026-8488 medium · 4.3
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before
CVE-2026-8485 medium · 5.9
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.
CVE-2024-12251 high · 7.8
In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.