Progress MOVEit Automation is affected by a critical authentication bypass (CVE-2026-4670, CVSS 9.8) that can be chained with a privilege escalation vulnerability (CVE-2026-5174). An unauthenticated attacker with network access to the MOVEit Automation interface can bypass authentication and, via the chained flaw, escalate to deeper system access. Given MOVEit’s history as a primary target for ransomware and data theft operations, patching this product demands immediate priority regardless of its current KEV status.