PatchSiren cyber security CVE debrief
CVE-2026-10699 Progress CVE debrief
A high-severity vulnerability was found in Progress MOVEit Transfer, affecting versions from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, and from 2026.0.0 before 2026.0.1. This issue is related to a missing release of memory after its effective lifetime, which could potentially lead to security issues. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. It affects the Custom Reports modules of MOVEit Transfer.
- Vendor
- Progress
- Product
- MOVEit Transfer
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-10
Who should care
Organizations using Progress MOVEit Transfer versions from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, and from 2026.0.0 before 2026.0.1 should apply patches or mitigations. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for these systems.
Technical summary
The vulnerability, CVE-2026-10699, has a CVSS score of 7.5 and is classified as HIGH severity. It affects the Custom Reports modules of MOVEit Transfer. The issue is caused by a missing release of memory after its effective lifetime, which could potentially lead to security issues. The vulnerability affects Progress MOVEit Transfer versions from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, and from 2026.0.0 before 2026.0.1.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, as it has a high CVSS score and affects multiple versions of MOVEit Transfer.
Recommended defensive actions
- Apply patches or updates provided by Progress for MOVEit Transfer to the latest version.
- Implement compensating controls, such as monitoring and exception tracking.
- Conduct inventory checks to identify affected systems.
- Review and update security policies and procedures.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
Evidence notes
The CVE record was published on 2026-07-08T15:16:25.173Z and last modified on 2026-07-10T14:25:58.720Z. The NVD entry is currently Analyzed. The vulnerability affects Progress MOVEit Transfer versions from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, and from 2026.0.0 before 2026.0.1. Evidence is based on CVE and NVD information, which may have limitations.
Official resources
-
CVE-2026-10699 CVE record
CVE.org
-
CVE-2026-10699 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T15:16:25.173Z and has not been modified since then. The NVD entry is currently Analyzed.