CVE-2026-8486: Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
Published May 20, 2026
·Updated
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Affected Software
3 affected components
Progress Software MOVEit Automation<2025.0.11, >=2025.1.0<2025.1.7
Progress MOVEit Automation<2025.0.11
Progress MOVEit Automation>=2025.1.0<2025.1.7
Event History
May 20, 2026
CVE Published
via MITRE·02:11 PM
Data Sourced
via MITRE·02:11 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·04:16 PM
DescriptionSeverityWeaknessAffected Software
Sep 27, 58369
Event
via FIRST·08:06 PM
Frequently Asked Questions
1
What is the severity of CVE-2026-8486?
CVE-2026-8486 is considered critical due to the potential for resource flooding that can lead to denial of service.
2
How do I fix CVE-2026-8486?
To mitigate CVE-2026-8486, upgrade your Progress Software MOVEit Automation to version 2025.1.7 or later.
3
What products are affected by CVE-2026-8486?
CVE-2026-8486 affects Progress Software MOVEit Automation versions before 2025.0.11 and between 2025.1.0 to 2025.1.6.
4
What type of vulnerability is CVE-2026-8486?
CVE-2026-8486 is an allocation of resources without limits or throttling vulnerability.
5
Is there a known exploit for CVE-2026-8486?
As of now, there are no publicly disclosed exploits for CVE-2026-8486, but the vulnerability poses significant risk.