{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/moveit-transfer-2025.0.0-2025.0.7/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-10699"},{"cvss":7.2,"id":"CVE-2026-10698"},{"cvss":8,"id":"CVE-2026-11903"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MOVEit Transfer (\u003c= 2024.1.8)","MOVEit Transfer (2025.0.0-2025.0.7)","MOVEit Transfer (2025.1.0-2025.1.3)","MOVEit Transfer (2026.0.0)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","cve","data-exfiltration","critical-vulnerability","moveit"],"_cs_type":"advisory","_cs_vendors":["Progress"],"content_html":"\u003cp\u003eOn July 8, 2026, the Canadian Centre for Cyber Security (CCCS) issued an alert, AV26-678, referencing a critical security bulletin from Progress Software. This advisory addresses multiple severe vulnerabilities (CVE-2026-10699, CVE-2026-10698, CVE-2026-11903) impacting MOVEit Transfer, a widely used managed file transfer solution. Affected versions include 2024.1.8 and prior, 2025.0.0 to 2025.0.7, 2025.1.0 to 2025.1.3, and 2026.0.0. While specific exploitation details are not provided in the advisory, critical vulnerabilities in such systems typically pose a significant risk of unauthorized access, data exfiltration, or remote code execution, making immediate patching crucial for all organizations utilizing MOVEit Transfer.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eThe provided security advisories (AV26-678, CVE-2026-10699, CVE-2026-10698, CVE-2026-11903) from Progress Software and the CCCS do not detail specific exploitation methods or a step-by-step attack chain for these vulnerabilities. However, unpatched critical vulnerabilities in managed file transfer solutions can broadly lead to the following outcomes:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Identification:\u003c/strong\u003e An attacker identifies an unpatched MOVEit Transfer instance on an internet-facing network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access:\u003c/strong\u003e The attacker exploits one of the identified critical vulnerabilities (e.g., CVE-2026-10699, CVE-2026-10698, CVE-2026-11903) to gain unauthorized access to the MOVEit Transfer server. This could involve bypassing authentication, injecting malicious code, or leveraging flaws in file processing.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCommand Execution / Data Access:\u003c/strong\u003e Upon successful exploitation, the attacker gains the ability to execute arbitrary commands on the underlying server or access sensitive files stored within the MOVEit Transfer environment.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration:\u003c/strong\u003e Malicious actors may then search for and exfiltrate sensitive data, such as customer records, financial information, or intellectual property, to attacker-controlled infrastructure.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePersistence (Optional):\u003c/strong\u003e The attacker might establish persistence mechanisms on the compromised server to maintain access even if initial vulnerabilities are patched later.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e The final objective is typically data theft, disruption of services, or further lateral movement into the victim's network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe impact of unpatched critical vulnerabilities in MOVEit Transfer is severe, as the product is designed to handle and transfer sensitive data for organizations across various sectors. Successful exploitation could lead to unauthorized access to an organization's most critical data, resulting in massive data breaches, significant financial losses due and regulatory fines, reputational damage, and operational disruption. While the current advisory does not provide victim counts or specific sectors targeted, past incidents involving MOVEit Transfer vulnerabilities have affected hundreds of organizations globally, including government agencies, financial institutions, and healthcare providers, underscoring the widespread potential for devastating consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately review the Progress Security Bulletin linked in this brief and apply the necessary updates to all affected MOVEit Transfer instances to address CVE-2026-10699, CVE-2026-10698, and CVE-2026-11903.\u003c/li\u003e\n\u003cli\u003eValidate that all MOVEit Transfer versions listed in the advisory are updated to their respective patched versions.\u003c/li\u003e\n\u003cli\u003eConsult the CCCS advisory (AV26-678) for additional guidance and stay informed on subsequent updates from Progress Software.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-08T20:05:52Z","date_published":"2026-07-08T20:05:52Z","id":"https://feed.craftedsignal.io/briefs/2026-07-progress-moveit-advisory/","summary":"Progress Software has issued a critical security advisory (AV26-678) detailing multiple vulnerabilities, including CVE-2026-10699, CVE-2026-10698, and CVE-2026-11903, affecting various versions of its MOVEit Transfer product, necessitating immediate patching to prevent potential exploitation.","title":"Progress MOVEit Transfer Critical Security Advisory (AV26-678)","url":"https://feed.craftedsignal.io/briefs/2026-07-progress-moveit-advisory/"}],"language":"en","title":"CraftedSignal Threat Feed - MOVEit Transfer (2025.0.0-2025.0.7)","version":"https://jsonfeed.org/version/1.1"}