CVE-2026-10698

Summary

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules).

This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1.

Affected Software

VendorProductVersion RangeStatus
ProgressMOVEit Transfer2025.0.0 < 2025.0.8affected
ProgressMOVEit Transfer2025.1.0 < 2025.1.4affected
ProgressMOVEit Transfer2026.0.0 < 2026.0.1affected

Weaknesses

  • CWE-943: CWE-943 Improper Neutralization of Special Elements in Data Query Logic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References