Researchers warn of critical flaws in Progress ShareFile - Cybersecurity Dive
Cybersecurity DiveArchived May 30, 2026✓ Full text saved
Researchers warn of critical flaws in Progress ShareFile Cybersecurity Dive
Full text archived locally
✦ AI Summary· Claude Sonnet
Researchers warn of critical flaws in Progress ShareFile
Attackers could chain vulnerabilities together, leading to configuration changes or remote code execution.
Published April 3, 2026
David Jones
Reporter
Share
License
Add us on Google
Getty Images
Security researchers warn that chaining two critical vulnerabilities in Progress Software’s ShareFile service could allow an attacker to achieve remote code execution.
The flaws exist in ShareFile Storage Zones Controller, which helps users manage files while they are using the ShareFile software-as-a-service interface, according to researchers at watchTowr Labs.
The vulnerabilities include an authentication bypass flaw, tracked as CVE-2026-2699, and a remote code execution flaw, CVE-2026-2701. The vulnerabilities have severity scores of 9.8 and 9.1, respectively.
Progress Software warned in a security bulletin released Thursday that an attacker could access on-premises Storage Zones Controller configuration pages, allowing them to make changes in system configuration or achieve remote code execution.
There is no immediate evidence of exploitation, but researchers urged users to immediately apply security updates.
Researchers from watchTowr said there were about 30,000 instances visible on the internet, while more targeted analysis from Shadowserver Foundation showed 784 unique IPs were exposed.
The U.S. and Germany are the most widely exposed geographic locations, according to Shadowserver data.
Researchers noted that similar file-transfer software has been a target of significant exploitation campaigns in recent years.
Progress Software dealt with a wave of exploitation activity involving MOVEit file transfer software in 2023. Major government agencies and companies were targeted in a subsequent campaign from the Clop ransomware group.
A less extensive exploitation wave involving Cleo file-transfer software occurred in 2024.
Add us on Google
Share
PURCHASE LICENSING RIGHTS
Filed Under: Vulnerability