CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Progress security advisory (AV26-678)

criticalCVE-2026-10699CVE-2026-10698CVE-2026-11903
Serial number: AV26-678 Date: July 8, 2026 On July 8, 2026, Progress published security advisories to address vulnerabilities in the following product: MOVEit Transfer – version 2024.1.8 and prior MOVEit Transfer – version 2025.0.0 to 2025.0.7 MOVEit Transfer – version 2025.1.0 to 2025.1.3 MOVEit Transfer – version 2026.0.0 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. MOVEit Transfer Critical Security Bulletin – June 2026 – (CVE-2026-10699, CVE-2026-10698, CVE-2026-11903) Progress Trust Center

CSIRTS triage

vendor: Progressproduct: MOVEit TransferOtheraffected: 2024.1.8 and prior; 2025.0.0 to 2025.0.7; 2025.1.0 to 2025.1.3; 2026.0.0
What
Multiple vulnerabilities have been identified in MOVEit Transfer.
Who is affected
Users and administrators of MOVEit Transfer versions listed.
Urgency
Remediation is critical due to the severity of the vulnerabilities.
Action
Review the provided web links and apply the necessary updates.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch MOVEit Transfer

Get an email when a new MOVEit Transfer advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
critical
Published
2026-07-08
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-678

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-10699coverage & exploitation statusNVD · CVE.org
CVE-2026-10698coverage & exploitation statusNVD · CVE.org
CVE-2026-11903coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from Canadian Centre for Cyber Security