CVE-2026-2701 is a critical post-authentication remote code execution vulnerability in Progress ShareFile Storage Zones Controller 5.x prior to 5.12.4. The flaw allows a high-privileged authenticated user to upload a malicious file to the server and execute it. Public technical reporting indicates the issue can be abused through the product’s file upload and archive extraction workflow, enabling attacker-controlled content to be written to a server-controlled path, including a web-accessible directory, and then executed as server-side code. In demonstrated exploit chains against the 5.x ASP.NET-based branch, the weakness was used to place malicious ASPX content in the application webroot and obtain code execution on the underlying server. The vulnerability was also described by the vendor as affecting customer-managed Storage Zones Controller deployments, while 6.x releases were reported as unaffected.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
46 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A remote code execution vulnerability in Progress ShareFile Storage Zone Controller that, when chained with CVE-2026-2699, allowed unauthenticated attackers to upload malicious ASPX webshells and gain full remote code execution.
A critical vulnerability in Progress ShareFile Storage Zone Controller that, when chained with CVE-2026-2699, allows unauthenticated remote code execution on exposed SZC servers.
A critical remote code execution vulnerability in Progress Software ShareFile Storage Zones Controller v5 that could allow an unauthenticated remote attacker to achieve remote code execution, especially when chained with the authentication bypass flaw.
A critical remote code execution vulnerability in Progress ShareFile Storage Zones Controller 5.x that allows malicious file upload and extraction into a web-accessible path, enabling remote code execution when chained with the authentication bypass.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.