CVE-2026-8651

Summary

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Affected Software

VendorProductVersion RangeStatus
ProgressMOVEit Transfer2025.1.0 < 2025.1.3affected
ProgressMOVEit Transfer0 < 2025.0.7affected

Weaknesses

  • CWE-290: CWE-290 Authentication bypass by spoofing

References