Multiple security vulnerabilities affecting MOVEit Transfer versions The flaws affect MOVEit Transfer 2024 have been identified in Progress MOVEit Transfer, a product used to move sensitive files for thousands of organizations. The overall risk/impact is considered high due to the potential for stored cross-site scripting (XSS) and session hijacking attacks. Affected version ranges include MOVEit Transfer 2024.1.8 and earlier, the 2025.0 and 2025.1 branches, and 2026.0.0.
CVE-2026-11903 (CVSS 8.0 — High): A stored XSS vulnerability in the Ad Hoc module allows an authenticated user to send a crafted message that runs in the recipient's browser, enabling session hijacking.[/subscribe_to_unlock_form]
Multiple security vulnerabilities affecting MOVEit Transfer versions The flaws affect MOVEit Transfer 2024 have been identified in Progress MOVEit Transfer, a product used to move sensitive files for thousands of organizations. The overall risk/impact is considered high due to the potential for stored cross-site scripting (XSS) and session hijacking attacks. Affected version ranges include MOVEit Transfer 2024.1.8 and earlier, the 2025.0 and 2025.1 branches, and 2026.0.0.
CVE-2026-11903 (CVSS 8.0 — High): A stored XSS vulnerability in the Ad Hoc module allows an authenticated user to send a crafted message that runs in the recipient's browser, enabling session hijacking.[emaillocker id="1283"]
CVE-2026-10698: The flaw lives inside the software's Custom Reports modules. When a user tries to generate a report, the application fails to properly clean (or "sanitize") the text inputs. Because it does not safely handle special characters, a malicious actor can inject harmful data elements directly into the database query pipeline.
CVE-2026-10699 (CVSS 7.5 — High): An SFTP memory leak can exhaust server memory and cause a temporary denial of service. These vulnerabilities collectively present a significant risk for organizations using Progress MOVEit Transfer, particularly those in the Technology & IT sector. Administrators should prioritize patching to prevent potential attacks. These vulnerabilities collectively present a significant risk for organizations using Progress MOVEit Transfer, particularly those in the Technology & IT sector.
These vulnerabilities collectively present a significant risk for organizations using Progress MOVEit Transfer, particularly those in the Technology & IT sector.
The following reports contain further technical details:
[/emaillocker]