Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules).
This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jul 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Progress
Progress moveit Transfer |
|
| Vendors & Products |
Progress
Progress moveit Transfer |
Wed, 08 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: before 2026.0.0, before 2025.1.3, before 2025.0.7. | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. |
Wed, 08 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: before 2026.0.0, before 2025.1.3, before 2025.0.7. | |
| Title | Institution scope bypass vulnerability in custom reports | |
| Weaknesses | CWE-943 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: ProgressSoftware
Published:
Updated: 2026-07-08T19:44:22.665Z
Reserved: 2026-05-15T04:28:11.755Z
Link: CVE-2026-8649
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T20:45:07Z