Back

Critical Vulnerabilities in Progress ShareFile Enable Remote Code Execution

Severity: High (Score: 72.0)

Sources: Bleepingcomputer, Cisecurity

Summary

Two vulnerabilities (CVE-2026-2699 and CVE-2026-2701) in Progress ShareFile can be exploited to allow unauthenticated file exfiltration and remote code execution. Discovered by watchTowr, the flaws involve an authentication bypass and a remote code execution vulnerability in the Storage Zones Controller. Attackers can exploit these vulnerabilities to gain access to the ShareFile admin interface and manipulate sensitive configuration settings. The vulnerabilities affect numerous internet-exposed instances of Progress ShareFile, primarily in the U.S. and Europe. A patch was released on March 10, 2026, but no active exploitation has been observed as of April 2, 2026. Organizations using vulnerable versions are urged to apply the patch immediately due to the potential for future exploitation. Proof-of-concept code has been made publicly available, increasing the urgency for remediation. Key Points: • Two critical vulnerabilities in Progress ShareFile can lead to remote code execution. • CVE-2026-2699 allows authentication bypass, while CVE-2026-2701 enables remote code execution. • A patch was released on March 10, 2026, and organizations are advised to update immediately.

Key Entities

  • Data Breach (attack_type)
  • Zero-day Exploit (attack_type)
  • United States (country)
  • CVE-2026-2699 (cve)
  • CVE-2026-2701 (cve)
  • Healthcare (industry)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1505.003 - Web Shell (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Progress ShareFile (platform)
  • Storage Zone Controller (platform)
  • Clop (ransomware_group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed