Progress security patch release for CVE-2026-2699
Security Patch Release
Summary
Hide ▲
Show ▼
Progress released ShareFile 5.12.4 on March 10 to fix CVE-2026-2699 and CVE-2026-2701 in the Storage Zones Controller (SZC) for branch 5.x. The update closes an authentication-bypass and RCE chain that could lead to unauthenticated file exfiltration from affected environments. Administrators should move vulnerable systems to the patched build quickly because the exposed component can provide a path to full compromise.
Related Happenings
Gitea Docker images security update (CVE-2026-20896)
Security Patch Release
H score51
First: 06.07.2026 19:28
Last: 06.07.2026 19:28
Sources 1
About this happening:
Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...
Gitea Docker images security update (CVE-2026-20896)
Security Patch ReleaseAbout this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...
Progress LoadMaster CVE-2026-8037 patch release
Security Patch Release
H score52
First: 30.06.2026 10:38
Last: 30.06.2026 10:38
Sources 1
About this happening:
**Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...
Progress LoadMaster CVE-2026-8037 patch release
Security Patch ReleaseAbout this happening: **Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...
Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910
Security Patch Release
H score53
First: 24.06.2026 20:19
Last: 24.06.2026 20:19
Sources 1
About this happening:
Ubiquiti released **UniFi OS** patches for **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, closing three maximum-severity defects tied to **in-the-wild exploitatio...
Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910
Security Patch ReleaseAbout this happening: Ubiquiti released **UniFi OS** patches for **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, closing three maximum-severity defects tied to **in-the-wild exploitatio...
Dify security patch release for CVE-2026-41947
Security Patch Release
H score34
First: 22.06.2026 19:13
Last: 22.06.2026 19:13
Sources 1
About this happening:
**Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Dify security patch release for CVE-2026-41947
Security Patch ReleaseAbout this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...
Squid web proxy patch for CVE-2026-47729
Security Patch Release
H score20
First: 22.06.2026 17:29
Last: 22.06.2026 17:29
Sources 1
About this happening:
**Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
Squid web proxy patch for CVE-2026-47729
Security Patch ReleaseAbout this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...
Timeline
-
02.04.2026 03:00 1 articles · 3mo ago
watchTowr confirms ShareFile SZC exploit chain
Technical Analysis UpdatewatchTowr confirms that CVE-2026-2699 and CVE-2026-2701 can be chained in the Storage Zones Controller (SZC) of Progress ShareFile branch 5.x, where the authentication bypass opens access to admin settings needed to complete the remote code execution path and place malicious ASPX webshells.
Show sources
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks — www.bleepingcomputer.com — 02.04.2026 16:33
-
02.04.2026 03:00 2 articles · 3mo ago
Progress releases ShareFile 5.12.4
Mitigation Patch UpdateProgress releases ShareFile 5.12.4 for branch 5.x Storage Zones Controller (SZC) after responsible disclosure, addressing CVE-2026-2699 and CVE-2026-2701 and removing the vulnerable build that could be chained for unauthenticated file exfiltration and pre-auth RCE.
Show sources
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks — www.bleepingcomputer.com — 02.04.2026 16:33
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks — www.bleepingcomputer.com — 02.04.2026 16:33
-
02.04.2026 03:00 1 articles · 3mo ago
watchTowr publicly details the ShareFile vulnerability chain
Initial DisclosurewatchTowr publicly details how CVE-2026-2699 and CVE-2026-2701 can be chained in Progress ShareFile to enable unauthenticated file exfiltration and pre-auth RCE, while noting about 30,000 Storage Zone Controller instances exposed on the public internet, 700 internet-exposed Progress ShareFile instances observed by ShadowServer Foundation, and no active exploitation in the wild as of writing.
Show sources
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks — www.bleepingcomputer.com — 02.04.2026 16:33