Progress Software has patched two critical vulnerabilities in its MOVEit Automation platform: a severe authentication bypass flaw, tracked as CVE-2026-4670, and a privilege escalation issue, tracked as CVE-2026-51741. Attackers could exploit these bugs to gain unauthorized access to systems or elevate privileges, potentially leading to full system compromise. MOVEit Automation is a widely used enterprise managed file transfer solution, designed to securely transfer and schedule files. The vulnerabilities could be particularly damaging if exploited, as they could allow attackers to bypass authentication mechanisms and gain unrestricted access to sensitive data. The disclosure of CVE-2026-4670 expands the active attack surface, so organizations should prioritize patching based on their exposure and exploitation evidence. For security practitioners, unpatched MOVEit Automation instances could give attackers a gateway to compromise entire systems.
MOVEit automation flaws could enable full system compromise
⚡ High Priority
Why This Matters
CVE-2026-4670 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, May 4). MOVEit automation flaws could enable full system compromise. *SecurityAffairs*. https://securityaffairs.com/191681/security/moveit-automation-flaws-could-enable-full-system-compromise.html
Original Source
SecurityAffairs