MoveIt Redux: Progress Software Battles a New Wave of RCE Flaws

John Z Black Apr 27, 2026 Vulnerabilities & Patching #moveit #progress-software #rce #cve #patching #loadmaster

Some names never leave the threat intel community’s memory. MoveIt is at the top of that list.

Progress Software has disclosed a new flurry of critical vulnerabilities hitting MoveIt WAF and LoadMaster. We are looking at OS command injection flaws that allow an attacker to gain a persistent shell on the underlying system. This isn’t just about exposing data: it is about blinding your security perimeter.

History has shown that organized threat actors built entire playbooks around MoveIt exploits. They watch for new disclosures more closely than most defenders watch for patches. If you are running these products, your patch window is measured in hours.

Assume that once a technical detail for a MoveIt product hit the wire, someone is already testing it against your network. Don’t wait for your next change window.

Check the official Progress advisories and get the restriction guidelines for your management interface here.