CVE-2026-8800 in MOVEit Transferinfo

Summary

by MITRE • 07/08/2026

Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

The vulnerability under discussion represents an incorrect authorization flaw within the Audit User module of Progress MOVEit Transfer software, a widely deployed enterprise file transfer solution that facilitates secure data exchange between organizations. This authorization bypass issue stems from insufficient access controls that allow unauthorized users to gain elevated privileges or access restricted functionality within the system's audit mechanisms. The vulnerability specifically impacts versions prior to 2025.0.7 and affects releases from 2025.1.0 through 2025.1.2, creating a window of exposure where malicious actors could exploit the weakness to manipulate audit records or access sensitive operational data.

The technical nature of this flaw lies in the improper validation of user permissions within the Audit User module, where the system fails to adequately verify that authenticated users possess the necessary authorization levels to perform specific audit-related operations. This misconfiguration allows attackers to potentially bypass normal access controls and execute unauthorized actions such as viewing confidential audit logs, modifying audit trails, or accessing privileged information that should only be available to authorized administrative personnel. The vulnerability manifests when the system does not properly enforce role-based access controls or does not validate session tokens against appropriate permission levels during audit operations.

Operationally, this incorrect authorization issue poses significant risks to organizations relying on MOVEit Transfer for their file transfer operations and compliance requirements. Attackers exploiting this vulnerability could compromise audit integrity by altering or deleting audit records, potentially masking malicious activities or creating false trails that would hinder forensic investigations. The impact extends beyond simple data access, as audit logs serve as critical components for security monitoring, compliance reporting, and incident response procedures. Organizations may face regulatory violations, increased forensic complexity, and potential exposure of sensitive data if unauthorized parties can manipulate these crucial audit mechanisms.

Mitigation strategies for this vulnerability should focus on immediate remediation through the installation of the patched versions 2025.0.7 and 2025.1.3 respectively, which address the authorization bypass in the Audit User module. System administrators should conduct comprehensive security assessments to verify that all affected systems have been properly updated and that no unauthorized modifications occurred during the vulnerable period. Additional controls include implementing network segmentation to limit access to MOVEit Transfer systems, enforcing strict authentication mechanisms with multi-factor authentication, and conducting regular audits of system access logs to detect anomalous behavior patterns. Organizations should also consider implementing continuous monitoring solutions that can detect unauthorized access attempts to audit modules and establish incident response procedures specifically tailored to address authorization bypass vulnerabilities in enterprise file transfer systems.

This vulnerability aligns with CWE-285, which addresses improper authorization issues in software systems, and represents a critical concern within the ATT&CK framework under the Privilege Escalation and Defense Evasion tactics. The flaw demonstrates how inadequate access control implementation can create persistent security weaknesses that may remain undetected for extended periods while providing attackers with opportunities to compromise system integrity and maintain persistence within target environments.

Responsible

ProgressSoftware

Reservation

05/18/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!