CVE-2026-10699

Summary

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules).

This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1.

Affected Software

VendorProductVersion RangeStatus
ProgressMOVEit Transfer2025.0.0 < 2025.0.8affected
ProgressMOVEit Transfer2025.1.0 < 2025.1.4affected
ProgressMOVEit Transfer2026.0.0 < 2026.0.1affected

Weaknesses

  • CWE-401: CWE-401 Missing release of memory after effective lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References