Progress Software — Vulnerabilities & Security Advisories 64

Browse all 64 CVE security advisories affecting Progress Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Progress Software develops enterprise software solutions, primarily focusing on application development platforms, database management, and integration tools for large-scale organizations. Its portfolio includes widely used technologies like OpenEdge and Telerik, which serve as critical infrastructure for business operations. Historically, security audits have identified recurring vulnerability classes within its products, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These issues often stem from input validation errors or improper access controls in legacy components. While no single catastrophic breach has defined the company’s public security history, the accumulation of 55 recorded CVEs highlights persistent challenges in maintaining secure codebases across complex, long-standing software architectures. The company generally responds to disclosures through standard patch cycles, though the volume of findings suggests ongoing efforts to modernize security practices across its diverse product line.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-7313 | CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity — Sitefinity | | 8.7 | High | 2026-06-02 |
| CVE-2026-7312 | CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity — Sitefinity | | 10.0 | Critical | 2026-06-02 |
| CVE-2026-7201 | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity — Sitefinity | CWE-639 | 8.8 | High | 2026-06-02 |
| CVE-2026-7198 | CWE-284: Improper Access Control in web services in Progress Sitefinity — Sitefinity | CWE-284 | 9.8 | Critical | 2026-06-02 |
| CVE-2026-7195 | CWE-20: Improper Input Validation in web services in Progress Sitefinity — Sitefinity | CWE-20 | 8.8 | High | 2026-06-02 |
| CVE-2026-8488 | Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation — MOVEit Automation | CWE-770 | 4.3 | Medium | 2026-05-20 |
| CVE-2026-8487 | Incorrect default permissions vulnerability in Progress Software MOVEit Automation — MOVEit Automation | CWE-276 | 6.5 | Medium | 2026-05-20 |
| CVE-2026-8486 | Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation — MOVEit Automation | CWE-770 | 5.3 | Medium | 2026-05-20 |
| CVE-2026-8485 | Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation — MOVEit Automation | CWE-789 | 5.9 | Medium | 2026-05-20 |
| CVE-2026-5174 | Improper Access Control Vulnerability in Progress MOVEit Automation — MOVEit Automation | CWE-20 | 7.7 | High | 2026-04-30 |
| CVE-2026-4670 | Improper Authentication vulnerability in Progress MOVEit Automation — MOVEit Automation | CWE-305 | 9.8 | Critical | 2026-04-30 |
| CVE-2026-6023 | Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX — Telerik UI for ASP.NET AJAX | CWE-502 | 8.1 | High | 2026-04-22 |
| CVE-2026-6022 | Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX — Telerik UI for ASP.NET AJAX | CWE-400 | 7.5 | High | 2026-04-22 |
| CVE-2026-4048 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF — LoadMaster | CWE-77 | 8.4 | High | 2026-04-20 |
| CVE-2026-3519 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF — LoadMaster | CWE-77 | 8.4 | High | 2026-04-20 |
| CVE-2026-3518 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF — LoadMaster | CWE-77 | 8.4 | High | 2026-04-20 |
| CVE-2026-3517 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF — LoadMaster | CWE-77 | 8.4 | High | 2026-04-20 |
| CVE-2026-2737 | Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application — Flowmon | CWE-79 | 8.3 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-3692 | Unintended command execution during report generation in Progress Flowmon — Flowmon | CWE-78 | 8.8 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-2514 | Possibility of unintended actions when viewing maliciously crafted network data in Progress Flowmon ADS web application — Flowmon ADS | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-2513 | Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application — Flowmon ADS | CWE-79 | 8.4 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-2878 | Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX — Telerik UI for ASP.NET AJAX | CWE-331 | 5.3 | Medium | 2026-02-25 |
| CVE-2025-6723 | Untrusted user data can lead to privilege escalation — Chef Inspec | CWE-269 | 7.8 (AI) | High (AI) | 2026-01-30 |
| CVE-2025-13447 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster — LoadMaster | | 8.4 | High | 2026-01-13 |
| CVE-2025-13444 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster — LoadMaster | | 8.4 | High | 2026-01-13 |
| CVE-2025-13774 | SQL injection leading to privilege escalation in Progress Flowmon ADS — Flowmon ADS | CWE-89 | 8.8 | High | 2026-01-13 |
| CVE-2025-11906 | Privilege escalation via writable configuration files in Progress Flowmon — Flowmon | CWE-732 | 6.7 | Medium | 2025-10-30 |
| CVE-2025-10240 | Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application — Flowmon | CWE-79 | 8.8 | High | 2025-10-09 |
| CVE-2025-10239 | Unintended command execution via troubleshooting scripts in Progress Flowmon — Flowmon | CWE-78 | 7.2 | High | 2025-10-09 |
| CVE-2025-8868 | Chef Automate compliance service SQL Injection Vulnerability — Chef Automate | CWE-200 | 9.8 | Critical | 2025-09-29 |

This page lists every published CVE security advisory associated with Progress Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.