CVE-2026-8485

MEDIUM

Published May 20, 2026 Modified May 20, 2026 CWE-789

Description

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

CVSS v3.1 Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS — Exploit Prediction

0.0001

Probability of exploitation

0.00%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-789 CWE-789

Affected Products

Vendor	Product	Versions
progress	moveit_automation	< 2025.0.11
progress	moveit_automation	2025.1.0 — 2025.1.7

References

Advisories & Patches

https://docs.progress.com/bundle/moveit-automation-release-notes-2026/page/Fixed-Issues-2026.html

Frequently Asked Questions

What is CVE-2026-8485? +

Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. It has a CVSS v3.1 base score of 5.9 (MEDIUM).

How severe is CVE-2026-8485? +

CVE-2026-8485 has a CVSS v3.1 score of 5.9 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0001, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-8485? +

CVE-2026-8485 affects products from progress, specifically: moveit_automation. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-8485? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-26618

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. …

CVE-2024-20260 8.6

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure …

CVE-2025-23331 7.5

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with …

CVE-2025-3632 7.5

IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the …

CVE-2025-27533 7.5

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers …

CVE-2025-54801 7.5

Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to …

Quick Facts

CVSS Score: 5.9
Severity: MEDIUM
EPSS: 0.0001
Published: May 20, 2026

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2026-8485.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →