CVE-2026-10699
HIGHMemory leak in SFTP service can result in a denial of service in MOVEit Transfer
Title source: cnaDescription
Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Security-Bulletin-June-2026
Scores
CVSS v3
7.5
EPSS
0.0028
EPSS Percentile
20.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-401
Status
published
Products (5)
Progress/MOVEit Transfer
2025.0.0 - 2025.0.8
Progress/MOVEit Transfer
2025.1.0 - 2025.1.4
Progress/MOVEit Transfer
2026.0.0 - 2026.0.1
progress/moveit_transfer
2026.0.0
progress/moveit_transfer
< 2024.1.8
Published
Jul 08, 2026
Tracked Since
Jul 08, 2026