ShareFile Storage Zone Controller path traversal zero-day path traversal flaw
Vulnerability
Summary
Hide ▲
Show ▼
Progress confirmed a high-severity path traversal zero-day in ShareFile Storage Zone Controller, exposing all 5.x and 6.x versions to arbitrary file read and write risk until customers install the fix. The flaw can let an authenticated administrative user read files available to the service account, write attacker-controlled content, or enumerate the server filesystem layout. Progress has released 5.12.5 and 6.0.2 and told customers to update immediately before bringing controllers back online.
Related Happenings
Progress ShareFile access disruption during security threat investigation
Service Disruption
H score1
First: 13.07.2026 15:05
Last: 13.07.2026 15:05
Sources 1
About this happening:
**Progress ShareFile** experienced a **customer-access disruption** after Progress Software identified a **credible external security threat** targeting **Storage Zone Controllers...
Progress ShareFile access disruption during security threat investigation
Service DisruptionAbout this happening: **Progress ShareFile** experienced a **customer-access disruption** after Progress Software identified a **credible external security threat** targeting **Storage Zone Controllers...
Progress ShareFile Storage Zone Controller access disruption
Service Disruption
H score53
First: 10.07.2026 19:30
Last: 10.07.2026 19:30
Sources 1
How related:
Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a "credible external security threat."
About this happening:
**ShareFile Storage Zone Controller** customers lost access when **Progress Software** temporarily disabled affected accounts and marked them **not operational** while investigati...
Progress ShareFile Storage Zone Controller access disruption
Service DisruptionHow related: Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a "credible external security threat."
About this happening: **ShareFile Storage Zone Controller** customers lost access when **Progress Software** temporarily disabled affected accounts and marked them **not operational** while investigati...
Latest development: 14.07.2026 19:08
Progress confirmed a high-severity zero-day path traversal vulnerability affecting all 5.x and 6.x versions of ShareFile Storage Zone Controller and released versions 5.12.5 and 6.0.2 to patch the flaw. Progress said the update follows the emergency shutdown of affected controllers and that it has no indication of unauthorized access to any ShareFile customer account or data.
Progress ShareFile Storage Zone Controllers shutdown guidance
Advisory/Mitigation
H score44
First: 10.07.2026 19:26
Last: 10.07.2026 19:26
Sources 1
How related:
Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a "credible external security threat."
About this happening:
**Progress Software** has told **ShareFile** customers using **Storage Zone Controllers** to **shut down their servers immediately** after detecting a **credible external security...
Progress ShareFile Storage Zone Controllers shutdown guidance
Advisory/MitigationHow related: Last week, Progress urged customers using ShareFile Storage Zone Controllers to immediately shut down their Windows servers after receiving a warning of a "credible external security threat."
About this happening: **Progress Software** has told **ShareFile** customers using **Storage Zone Controllers** to **shut down their servers immediately** after detecting a **credible external security...
Latest development: 14.07.2026 19:08
Progress Software identified a high-severity path traversal vulnerability affecting all 5.x and 6.x versions of ShareFile Storage Zone Controller, reserved a CVE identifier for it, and released versions 5.12.5 and 6.0.2 to patch the flaw and restore the controllers after updating. The company said it has no indication of unauthorized access to any ShareFile customer account or data and no active threat has been identified.
MOVEit Automation authentication bypass (CVE-2026-4670)
Vulnerability
H score69
First: 04.05.2026 15:18
Last: 04.05.2026 15:18
Sources 1
About this happening:
A critical **authentication bypass** in **MOVEit Automation** affects versions before **2025.1.5**, **2025.0.9**, and **2024.1.8**, creating remote access risk for exposed file-tr...
MOVEit Automation authentication bypass (CVE-2026-4670)
VulnerabilityAbout this happening: A critical **authentication bypass** in **MOVEit Automation** affects versions before **2025.1.5**, **2025.0.9**, and **2024.1.8**, creating remote access risk for exposed file-tr...
Timeline
-
14.07.2026 19:08 2 articles · 2h ago
Progress confirms ShareFile Storage Zone Controller path traversal zero-day
Initial DisclosureProgress Software confirmed a high-severity path traversal zero-day in ShareFile Storage Zone Controller affecting all 5.x and 6.x versions, said it had received a credible external security threat warning, and released versions 5.12.5 and 6.0.2 so customers can patch affected Windows servers before bringing controllers back online.
Show sources
- Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown — www.bleepingcomputer.com — 14.07.2026 19:08
- Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown — www.bleepingcomputer.com — 14.07.2026 19:08