Progress CVE coverage for MOVEit, Telerik, OpenEdge, and high-impact enterprise file-transfer or application platforms.
Vendor watch hub
The Progresswatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
May 20, 2026, 11:16 AM
Feed refreshes daily · 5:15 a.m. Central
Sources·CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations viewAllocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process.
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.
Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.
In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.
Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user. Known ransomware use: Known.
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system. Known ransomware use: Known.
Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements. Known ransomware use: Known.
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process. Known ransomware use: Known.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
moveit automation vulnerability (CVE-2026-8488)Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. moveit automation | HIGHCVE-2026-8488 Elevated | watch | May 20, 2026, 11:16 AM | NVDOpen source |
moveit automation vulnerability (CVE-2026-8487)Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. moveit automation | HIGHCVE-2026-8487 Elevated | watch | May 20, 2026, 11:16 AM | NVDOpen source |
moveit automation vulnerability (CVE-2026-8486)Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. moveit automation | HIGHCVE-2026-8486 Elevated | watch | May 20, 2026, 11:16 AM | NVDOpen source |
moveit automation vulnerability (CVE-2026-8485)Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. moveit automation | HIGHCVE-2026-8485 Elevated | watch | May 20, 2026, 9:17 AM | NVDOpen source |
moveit automation vulnerability (CVE-2026-5174)Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0. moveit automation | HIGHCVE-2026-5174 Watch | watch | Apr 30, 2026, 11:16 AM | NVDOpen source |
telerik ui for asp.net ajax vulnerability (CVE-2026-6023)In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible. telerik ui for asp.net ajax | CRITICALCVE-2026-6023 Watch | watch | Apr 22, 2026, 3:16 AM | NVDOpen source |
connection manager for objectscale vulnerability (CVE-2026-4048)OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process. connection manager for objectscale | HIGHCVE-2026-4048 Watch | watch | Apr 20, 2026, 9:16 AM | NVDOpen source |
connection manager for objectscale vulnerability (CVE-2026-3519)OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command connection manager for objectscale | HIGHCVE-2026-3519 Watch | watch | Apr 20, 2026, 9:16 AM | NVDOpen source |
connection manager for objectscale vulnerability (CVE-2026-3518)OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command connection manager for objectscale | HIGHCVE-2026-3518 Watch | watch | Apr 20, 2026, 9:16 AM | NVDOpen source |
connection manager for objectscale vulnerability (CVE-2026-3517)OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command connection manager for objectscale | HIGHCVE-2026-3517 Watch | watch | Apr 20, 2026, 9:16 AM | NVDOpen source |
flowmon vulnerability (CVE-2026-3692)In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server. flowmon | HIGHCVE-2026-3692 Watch | watch | Apr 2, 2026, 9:16 AM | NVDOpen source |
sharefile storage zones controller vulnerability (CVE-2026-2701)Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. sharefile storage zones controller | HIGHCVE-2026-2701 Watch | watch | Apr 2, 2026, 9:16 AM | NVDOpen source |
Progress WhatsUp Gold Path Traversal VulnerabilityProgress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution. WhatsUp Gold | criticalCVE-2024-4885 Critical | active | Mar 2, 2025, 6:00 PM | CISA KEVOpen source |
telerik ui for winui vulnerability (CVE-2024-12251)In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. telerik ui for winui | HIGHCVE-2024-12251 Watch | watch | Feb 12, 2025, 9:15 AM | NVDOpen source |
Progress Kemp LoadMaster OS Command Injection VulnerabilityProgress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution. Kemp LoadMaster | criticalCVE-2024-1212 Critical | active | Nov 17, 2024, 6:00 PM | CISA KEVOpen source |
Progress WhatsUp Gold SQL Injection VulnerabilityProgress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user. Known ransomware use: Known. WhatsUp Gold | criticalCVE-2024-6670 Critical | active | Sep 15, 2024, 7:00 PM | CISA KEVOpen source |
Progress Telerik Report Server Authentication Bypass by Spoofing VulnerabilityProgress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access. Telerik Report Server | criticalCVE-2024-4358 Critical | active | Jun 12, 2024, 7:00 PM | CISA KEVOpen source |
Progress WS_FTP Server Deserialization of Untrusted Data VulnerabilityProgress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system. Known ransomware use: Known. WS_FTP Server | criticalCVE-2023-40044 Critical | active | Oct 4, 2023, 7:00 PM | CISA KEVOpen source |
Progress MOVEit Transfer SQL Injection VulnerabilityProgress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements. Known ransomware use: Known. MOVEit Transfer | criticalCVE-2023-34362 Critical | active | Jun 1, 2023, 7:00 PM | CISA KEVOpen source |
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data VulnerabilityProgress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process. Known ransomware use: Known. Telerik UI for ASP.NET AJAX | criticalCVE-2019-18935 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the cybersecurity services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Progress-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Progress issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Progress advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.