Progress security patch release for CVE-2026-2699
Security Patch Release
Summary
Progress released ShareFile 5.12.4 on March 10 to fix CVE-2026-2699 and CVE-2026-2701 in the Storage Zones Controller (SZC) for branch 5.x. The update closes an authentication-bypass and RCE chain that could lead to unauthenticated file exfiltration from affected environments. Administrators should move vulnerable systems to the patched build quickly because the exposed component can provide a path to full compromise.
Related Happenings
Pretalx version 2026.1.0 security update for CVE-2026-41241
Security Patch Release
First: 27.05.2026 17:30
Last: 27.05.2026 17:30
Sources 1
About this happening:
**Pretalx** released **version 2026.1.0** to patch **CVE-2026-41241**, a **stored XSS** flaw that could compromise organizer accounts in conference deployments. The update closes...
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch Release
First: 22.05.2026 11:19
Last: 22.05.2026 11:19
Sources 1
About this happening:
**TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Linux distros patch release for Fragnasia (CVE-2026-46300)
Security Patch Release
First: 14.05.2026 10:34
Last: 14.05.2026 10:34
Sources 1
About this happening:
Linux distros are rolling out **patches** for **CVE-2026-46300**, a high-severity kernel flaw that can let unprivileged local attackers gain **root** on vulnerable Linux systems....
F5 security patch release for CVE-2026-42945
Security Patch Release
First: 14.05.2026 09:00
Last: 14.05.2026 09:00
Sources 1
About this happening:
F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...
Latest development: 17.05.2026 14:57
VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open Source, saying honeypot networks saw weaponized crafted HTTP requests that can crash worker processes and, when ASLR is disabled, enable remote code execution.
Timeline
02.04.2026 03:00 1 article · 1mo ago
watchTowr confirms ShareFile SZC exploit chain
Technical Analysis Update: watchTowr confirms that CVE-2026-2699 and CVE-2026-2701 can be chained in the Storage Zones Controller (SZC) of Progress ShareFile branch 5.x, where the authentication bypass opens access to admin settings needed to complete the remote code execution path and place malicious ASPX webshells.
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks — www.bleepingcomputer.com — 02.04.2026 16:33
02.04.2026 03:00 2 articles · 1mo ago
Progress releases ShareFile 5.12.4
Mitigation Patch Update: Progress releases ShareFile 5.12.4 for branch 5.x Storage Zones Controller (SZC) after responsible disclosure, addressing CVE-2026-2699 and CVE-2026-2701 and removing the vulnerable build that could be chained for unauthenticated file exfiltration and pre-auth RCE.
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks — www.bleepingcomputer.com — 02.04.2026 16:33
02.04.2026 03:00 1 article · 1mo ago
watchTowr publicly details the ShareFile vulnerability chain
Initial Disclosure: watchTowr publicly details how CVE-2026-2699 and CVE-2026-2701 can be chained in Progress ShareFile to enable unauthenticated file exfiltration and pre-auth RCE, while noting about 30,000 Storage Zone Controller instances exposed on the public internet, 700 internet-exposed Progress ShareFile instances observed by ShadowServer Foundation, and no active exploitation in the wild as of writing.
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks — www.bleepingcomputer.com — 02.04.2026 16:33