
Progress ShareFile Storage Zones Controller (SZC) auth bypass and RCE chain (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 22
1 unique source, 1 article

Summary


Chained CVE-2026-2699 and CVE-2026-2701 in Progress ShareFile Storage Zones Controller (SZC) can expose internet-facing branch 5.x deployments to unauthenticated file exfiltration and pre-auth RCE. Progress fixed the issues in ShareFile 5.12.4 on March 10. Exposure remains significant because scans found roughly 30,000 public SZC instances, although no active exploitation had been observed at publication.

Timeline

  1. 02.04.2026 16:33 1 article · 1mo ago

    watchTowr confirms chained Progress ShareFile SZC bypass and RCE

    Technical Analysis Update

    watchTowr confirms the full exploit chain against Progress ShareFile Storage Zones Controller branch 5.x after identifying CVE-2026-2699 and CVE-2026-2701, showing how an authentication bypass can open the admin interface and lead to remote code execution and unauthenticated file exfiltration.

  2. 02.04.2026 16:33 1 article · 1mo ago

    Progress releases ShareFile 5.12.4 for SZC vulnerabilities

    Mitigation Patch Update

    Progress addresses CVE-2026-2699 and CVE-2026-2701 in Progress ShareFile 5.12.4, closing the Storage Zones Controller branch 5.x issues that enable admin access, secret handling abuse, and remote code execution.

  3. 02.04.2026 16:33 2 articles · 1mo ago

    Public disclosure of Progress ShareFile SZC exploit chain and exposed instances

    Initial Disclosure

    Public disclosure details how CVE-2026-2699 and CVE-2026-2701 can be chained in Progress ShareFile Storage Zones Controller branch 5.x to enable unauthenticated file exfiltration and pre-auth RCE, while noting that ShadowServer Foundation observes 700 internet-exposed Progress ShareFile instances in the United States and Europe and that no active exploitation in the wild has been observed.
