Progress Software disclosed critical authentication bypass (CWE-287) and privilege escalation (CWE-269) vulnerabilities in MOVEit Automation in May 2026, with a CVSS base score of 9.1. No CVE identifier was confirmed in the available source data; consult the Progress Security Center for authoritative CVE assignment and affected version scope. The flaw profile directly mirrors the vulnerability class that enabled the 2023 Cl0p mass-exploitation campaign against MOVEit Transfer, making this advisory a high-urgency item for any organization running MOVEit Automation.