CVE-2026-8649

Summary

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Affected Software

VendorProductVersion RangeStatus
ProgressMOVEit Transfer2025.1.0 < 2025.1.3affected
ProgressMOVEit Transfer0 < 2025.0.7affected

Weaknesses

  • CWE-943: CWE-943 Improper Neutralization of Special Elements in Data Query Logic

References