PatchSiren

Progress Software CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Progress Software CVE published 2026-06-04

CVE-2026-8037

CVE-2026-8037 is a critical OS Command Injection Remote Code Execution Vulnerability in the API of Progress ADC Products. This vulnerability allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints. The vulnerability has a CVSS score of 9.6, indicating a critical severity level.

MEDIUM Progress Software CVE published 2026-05-20

CVE-2026-8488

CVE-2026-8488 is a medium-severity availability issue in Progress Software MOVEit Automation. The published record describes an allocation-of-resources-without-limits-or-throttling weakness (CWE-770), which can lead to excessive allocation and service degradation if left unpatched. NVD lists the issue as affecting MOVEit Automation before 2025.0.11 and from 2025.1.0 before 2025.1.7.

MEDIUM Progress Software CVE published 2026-05-20

CVE-2026-8487

CVE-2026-8487 is an incorrect default permissions issue affecting Progress Software MOVEit Automation. According to the official NVD summary and Progress release notes reference, the flaw can allow retrieval of embedded sensitive data and affects MOVEit Automation versions before 2025.0.11 and from 2025.1.0 before 2025.1.7. The published CVSS 3.1 vector indicates network access, low attack complexity, low [truncated]

MEDIUM Progress Software CVE published 2026-05-20

CVE-2026-8486

CVE-2026-8486 is a medium-severity availability flaw in Progress Software MOVEit Automation. The issue is described as allocation of resources without limits or throttling, which can allow flooding and degrade service availability. The affected ranges listed in the CVE are versions before 2025.0.11 and versions from 2025.1.0 before 2025.1.7. The NVD record currently lists the vulnerability status as under [truncated]

MEDIUM Progress Software CVE published 2026-05-20

CVE-2026-8485

CVE-2026-8485 is a medium-severity Progress MOVEit Automation issue caused by uncontrolled memory allocation, which can lead to excessive allocation and availability loss. The vulnerability was publicly recorded on 2026-05-20 and affects MOVEit Automation releases before 2025.0.11 and from 2025.1.0 before 2025.1.7. The supplied CVSS vector indicates a network-reachable issue with no privileges or user int [truncated]