Memory leak in MOVEit Transfer - CVE-2026-10699
Published: July 8, 2026
MOVEit Transfer
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a temporary denial of service.
The vulnerability exists due to missing release of memory after effective lifetime in the SFTP service when handling SFTP connections. A remote attacker can consume server memory resources to cause a temporary denial of service.
The issue occurs when memory resources on the server are exhausted.