VDB

GCVE-110-NCSC-2026-226

GCVE-110-NCSC-2026-226
Advisory PublishedCVSS 7.2/10
Vulnetix · Advisory published July 13, 2026
A vulnerability in Progress MOVEit Transfer's Custom Reports modules allows improper neutralization of special elements in data query logic in versions 2025.0.0 before 2025.0.8, 2025.1.0 before 2025.1.4, and 2026.0.0 before 2026.0.1.

Weaknesses (CWE)

CWE-943Improper Neutralization of Special Elements in Data Query LogicCWE-401Missing Release of Memory after Effective LifetimeCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Risk Scores

CVSS 3.1
7.2/10
High · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Progressvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,393 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›