Find notable cyber news and cases, enriched with sources, timelines, and signals.

Progress security patch release for CVE-2026-2699

Security Patch Release
First reported
Last updated
Happening score
H score 68
1 unique sources, 1 articles

Summary

Hide ▲

Progress released ShareFile 5.12.4 on March 10 to fix CVE-2026-2699 and CVE-2026-2701 in the Storage Zones Controller (SZC) for branch 5.x. The update closes an authentication-bypass and RCE chain that could lead to unauthenticated file exfiltration from affected environments. Administrators should move vulnerable systems to the patched build quickly because the exposed component can provide a path to full compromise.

Related Happenings

Gitea Docker images security update (CVE-2026-20896)

Security Patch Release
H score51 First: 06.07.2026 19:28 Last: 06.07.2026 19:28 Sources 1

About this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...

Progress LoadMaster CVE-2026-8037 patch release

Security Patch Release
H score52 First: 30.06.2026 10:38 Last: 30.06.2026 10:38 Sources 1

About this happening: **Progress** published fixed **LoadMaster** versions for **CVE-2026-8037**, closing a **pre-auth root command execution** path on appliances with the API enabled. Administrators r...

Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910

Security Patch Release
H score53 First: 24.06.2026 20:19 Last: 24.06.2026 20:19 Sources 1

About this happening: Ubiquiti released **UniFi OS** patches for **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, closing three maximum-severity defects tied to **in-the-wild exploitatio...

Dify security patch release for CVE-2026-41947

Security Patch Release
H score34 First: 22.06.2026 19:13 Last: 22.06.2026 19:13 Sources 1

About this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...

Squid web proxy patch for CVE-2026-47729

Security Patch Release
H score20 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...

Timeline

  1. 02.04.2026 03:00 1 articles · 3mo ago

    watchTowr confirms ShareFile SZC exploit chain

    Technical Analysis Update

    watchTowr confirms that CVE-2026-2699 and CVE-2026-2701 can be chained in the Storage Zones Controller (SZC) of Progress ShareFile branch 5.x, where the authentication bypass opens access to admin settings needed to complete the remote code execution path and place malicious ASPX webshells.

    Show sources
  2. 02.04.2026 03:00 2 articles · 3mo ago

    Progress releases ShareFile 5.12.4

    Mitigation Patch Update

    Progress releases ShareFile 5.12.4 for branch 5.x Storage Zones Controller (SZC) after responsible disclosure, addressing CVE-2026-2699 and CVE-2026-2701 and removing the vulnerable build that could be chained for unauthenticated file exfiltration and pre-auth RCE.

    Show sources
  3. 02.04.2026 03:00 1 articles · 3mo ago

    watchTowr publicly details the ShareFile vulnerability chain

    Initial Disclosure

    watchTowr publicly details how CVE-2026-2699 and CVE-2026-2701 can be chained in Progress ShareFile to enable unauthenticated file exfiltration and pre-auth RCE, while noting about 30,000 Storage Zone Controller instances exposed on the public internet, 700 internet-exposed Progress ShareFile instances observed by ShadowServer Foundation, and no active exploitation in the wild as of writing.

    Show sources