1. Home
  2. Reference documentation
  3. Changelog
  4. 2024
  5. June 2024

Protection from CVE-2024-5806 (Progress MOVEit Transfer Authentication Bypass Vulnerability)

June 28, 2024
ngwaf-announcementsadded

An authentication bypass vulnerability has been found in Progress MOVEit Transfer and has been assigned CVE-2024-5806. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services:

  1. Log in to the Next-Gen WAF control panel.

  2. From the Sites menu, select a site if you have more than one site.

  3. From the Rules menu, select Templated Rules.
  4. In the search bar, enter CVE-2024-5806 and then click View for the CVE-2024-5806 templated rule.
  5. Click Configure and then Add trigger.
  6. Select the Block requests from an IP immediately if the CVE-2024-5806 signal is observed checkbox.
  7. Click Update rule.

Prior change: Protection from CVE-2024-34102 (Adobe Commerce and Magento Open Source unauthenticated XML entity injection)

Following change: New anomaly signal: INSECURE-AUTH

Fastly
© Fastly 2025