Progress disclosed two high-severity vulnerabilities in Customer Managed ShareFile Storage Zones Controller (SZC) that could expose organizations to unauthorized access and remote code execution. CVE-2026-2699 allows an unauthenticated attacker to reach restricted configuration pages, creating a path to unauthorized system configuration changes and possible code execution. The flaw is rated CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-284 and CWE-698.
A second issue, CVE-2026-2701, allows an authenticated user to upload a malicious file to the server and execute it, resulting in remote code execution in ShareFile SZC environments. That vulnerability carries a CVSS 8.8 rating (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) and is mapped to CWE-94, CWE-78, and CWE-434. The disclosures reference vendor security guidance for ShareFile and indicate that both flaws can significantly affect confidentiality, integrity, and availability in customer-managed deployments.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
On 2026-04-02, Progress disclosed fixes for CVE-2026-2699 and CVE-2026-2701 in ShareFile Storage Zones Controller v5.12.4 and advised customers to upgrade or move to any unaffected v6 release. The company also said it had not received reports of active exploitation at the time of the notice.
On 2026-04-02, public CVE entries were published for both vulnerabilities with high-severity CVSS v3.1 scores, CWE mappings, and vendor/security advisory references. The CVE-2026-2699 record was also updated the same day to add a WatchTowr Labs reference.
On 2026-04-02, Progress received vulnerability reports affecting Customer Managed ShareFile Storage Zones Controller. CVE-2026-2699 allows unauthenticated access to restricted configuration pages with possible configuration changes and remote code execution, while CVE-2026-2701 allows an authenticated user to upload and execute a malicious file on the server.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
cvefeed.io
Open sourcecvefeed.io
Open sourcedocs.sharefile.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.