Find notable cyber news and cases, enriched with sources, timelines, and signals.

ShareFile Storage Zone Controller path traversal zero-day path traversal flaw

Vulnerability
First reported
Last updated
Happening score
H score 1
1 unique sources, 1 articles

Summary

Hide ▲

Progress confirmed a high-severity path traversal zero-day in ShareFile Storage Zone Controller, exposing all 5.x and 6.x versions to arbitrary file read and write risk until customers install the fix. The flaw can let an authenticated administrative user read files available to the service account, write attacker-controlled content, or enumerate the server filesystem layout. Progress has released 5.12.5 and 6.0.2 and told customers to update immediately before bringing controllers back online.

Related Happenings

Progress ShareFile access disruption during security threat investigation

Service Disruption
H score1 First: 13.07.2026 15:05 Last: 13.07.2026 15:05 Sources 1

About this happening: **Progress ShareFile** experienced a **customer-access disruption** after Progress Software identified a **credible external security threat** targeting **Storage Zone Controllers...

Progress ShareFile Storage Zone Controller access disruption

Service Disruption
H score53 First: 10.07.2026 19:30 Last: 10.07.2026 19:30 Sources 1

How related: Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a "credible external security threat."

About this happening: **ShareFile Storage Zone Controller** customers lost access when **Progress Software** temporarily disabled affected accounts and marked them **not operational** while investigati...

Latest development: 14.07.2026 19:08

Progress confirmed a high-severity zero-day path traversal vulnerability affecting all 5.x and 6.x versions of ShareFile Storage Zone Controller and released versions 5.12.5 and 6.0.2 to patch the flaw. Progress said the update follows the emergency shutdown of affected controllers and that it has no indication of unauthorized access to any ShareFile customer account or data.

Progress ShareFile Storage Zone Controllers shutdown guidance

Advisory/Mitigation
H score44 First: 10.07.2026 19:26 Last: 10.07.2026 19:26 Sources 1

How related: Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a "credible external security threat."

About this happening: **Progress Software** has told **ShareFile** customers using **Storage Zone Controllers** to **shut down their servers immediately** after detecting a **credible external security...

Latest development: 14.07.2026 19:08

Progress Software identified a high-severity path traversal vulnerability affecting all 5.x and 6.x versions of ShareFile Storage Zone Controller, reserved a CVE identifier for it, and released versions 5.12.5 and 6.0.2 to patch the flaw and restore the controllers after updating. The company said it has no indication of unauthorized access to any ShareFile customer account or data and no active threat has been identified.

MOVEit Automation authentication bypass (CVE-2026-4670)

Vulnerability
H score69 First: 04.05.2026 15:18 Last: 04.05.2026 15:18 Sources 1

About this happening: A critical **authentication bypass** in **MOVEit Automation** affects versions before **2025.1.5**, **2025.0.9**, and **2024.1.8**, creating remote access risk for exposed file-tr...

Timeline

  1. 14.07.2026 19:08 2 articles · 2h ago

    Progress confirms ShareFile Storage Zone Controller path traversal zero-day

    Initial Disclosure

    Progress Software confirmed a high-severity path traversal zero-day in ShareFile Storage Zone Controller affecting all 5.x and 6.x versions, said it had received a credible external security threat warning, and released versions 5.12.5 and 6.0.2 so customers can patch affected Windows servers before bringing controllers back online.

    Show sources