CVE-2026-8488
Allocation of Resources Without Limits in Progress MOVEit Automation
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: Progress Software Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| progress_software | moveit_automation | From 2025.1.0 (inc) to 2025.1.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an allocation of resources without limits or throttling issue in Progress Software MOVEit Automation. It allows excessive allocation of resources, which means the software does not properly restrict or control how much resource can be used, potentially leading to resource exhaustion.
How can this vulnerability impact me? :
The vulnerability can impact you by causing excessive allocation of resources in MOVEit Automation, which may lead to degraded performance or denial of service conditions. Since the CVSS score indicates an impact on availability, it could result in the system becoming slow or unresponsive.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update MOVEit Automation to a fixed version where the issue is addressed.
- Upgrade to MOVEit Automation version 2025.0.11 or later if you are using a version before 2025.0.11.
- If using versions from 2025.1.0 to before 2025.1.7, upgrade to 2025.1.7 or later.
- Refer to the official Progress Software MOVEit Automation release notes for the 2026 release which includes security fixes addressing this vulnerability.