Progress ShareFile Storage Zone Controllers shutdown guidance
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Progress Software has told ShareFile customers using Storage Zone Controllers to shut down their servers immediately after detecting a credible external security threat. The instruction affects on-premises Windows servers that bridge the cloud service and customer-managed storage. Progress says it has no indication of unauthorized access to ShareFile accounts or data, but it has temporarily disabled access for affected customers while it investigates.
Related Happenings
Progress Software security patch release for CVE-2026-4670
Security Patch Release
H score44
First: 04.05.2026 19:34
Last: 04.05.2026 19:34
Sources 1
About this happening:
**Progress Software** has released **MOVEit Automation** updates to fix **CVE-2026-4670** and **CVE-2026-5174**, including a **critical authentication bypass** that could expose e...
Progress Software security patch release for CVE-2026-4670
Security Patch ReleaseAbout this happening: **Progress Software** has released **MOVEit Automation** updates to fix **CVE-2026-4670** and **CVE-2026-5174**, including a **critical authentication bypass** that could expose e...
MOVEit Automation authentication bypass (CVE-2026-4670)
Vulnerability
H score69
First: 04.05.2026 15:18
Last: 04.05.2026 15:18
Sources 1
About this happening:
A critical **authentication bypass** in **MOVEit Automation** affects versions before **2025.1.5**, **2025.0.9**, and **2024.1.8**, creating remote access risk for exposed file-tr...
MOVEit Automation authentication bypass (CVE-2026-4670)
VulnerabilityAbout this happening: A critical **authentication bypass** in **MOVEit Automation** affects versions before **2025.1.5**, **2025.0.9**, and **2024.1.8**, creating remote access risk for exposed file-tr...
Progress ShareFile Storage Zones Controller (SZC) auth bypass and RCE chain (multiple vulnerabilities)
Vulnerability
H score60
First: 02.04.2026 16:33
Last: 02.04.2026 16:33
Sources 1
About this happening:
Chained **CVE-2026-2699** and **CVE-2026-2701** in **Progress ShareFile Storage Zones Controller (SZC)** can expose **internet-facing branch 5.x** deployments to **unauthenticated...
Progress ShareFile Storage Zones Controller (SZC) auth bypass and RCE chain (multiple vulnerabilities)
VulnerabilityAbout this happening: Chained **CVE-2026-2699** and **CVE-2026-2701** in **Progress ShareFile Storage Zones Controller (SZC)** can expose **internet-facing branch 5.x** deployments to **unauthenticated...
Progress security patch release for CVE-2026-2699
Security Patch Release
H score68
First: 02.04.2026 16:33
Last: 02.04.2026 16:33
Sources 1
About this happening:
**Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...
Progress security patch release for CVE-2026-2699
Security Patch ReleaseAbout this happening: **Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...
Timeline
-
10.07.2026 19:26 2 articles · 1h ago
Progress tells ShareFile Storage Zone Controller customers to shut down servers
Initial DisclosureProgress Software warned ShareFile customers using Storage Zone Controllers to immediately shut down the Windows servers hosting the on-premises component after identifying a credible external security threat. The company said it had no indication of unauthorized access to any Progress ShareFile accounts or data, temporarily disabled access for affected customers, and said the shutdown step was necessary because cloud-side access restrictions alone were not enough to mitigate the threat.
Show sources
- Progress urges ShareFile customers to shut down servers over "credible" threat — www.bleepingcomputer.com — 10.07.2026 19:26
- Progress urges ShareFile customers to shut down servers over "credible" threat — www.bleepingcomputer.com — 10.07.2026 19:26