Description
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Published: 2026-07-08
Score: 3.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 20:15:00 +0000

Type Values Removed Values Added
Description Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Title IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer
Weaknesses CWE-290
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2026-07-08T19:50:43.060Z

Reserved: 2026-05-15T04:28:13.929Z

Link: CVE-2026-8651

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses