CVE-2026-8485
Uncontrolled Memory Allocation in Progress MOVEit Automation
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Progress Software Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| progress | moveit_automation | to 2025.0.11 (exc) |
| progress | moveit_automation | From 2025.1.0 (inc) to 2025.1.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-8485 is an Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation. It involves improper memory management that allows an attacker to cause excessive memory consumption.
This excessive allocation can lead to denial-of-service conditions or other unintended system behavior.
How can this vulnerability impact me? :
The vulnerability can be exploited to cause excessive memory consumption, which may result in denial-of-service conditions.
This means the affected system could become unresponsive or crash, disrupting normal operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation, you should update MOVEit Automation to version 2026 or later, where this issue has been addressed as part of security fixes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation affects compliance with common standards and regulations such as GDPR or HIPAA.