Rescana
Critical Vulnerabilities in Progress ShareFile Prompt Urgent Shutdown
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 10, 2026, Progress Software issued an urgent directive for all ShareFile customers to shut down their Storage Zone Controllers (SZC) due to critical vulnerabilities CVE-2026-2699 and CVE-2026-2701. These flaws allow unauthenticated attackers to access configuration pages and potentially execute remote code, posing severe risks to on-premises deployments of ShareFile SZC version 5.x. No patch is available, and while there is no confirmed exploitation in the wild, the vulnerabilities are considered critical. The vulnerabilities are particularly concerning due to the historical context of similar attacks on file transfer solutions. Relevant MITRE ATT&CK techniques include T1190, T1078, and T1059. Cloud-only ShareFile accounts remain unaffected by this threat.
Key Points: • Progress Software warns of critical vulnerabilities in ShareFile SZC requiring immediate shutdown. • CVE-2026-2699 and CVE-2026-2701 allow unauthenticated access and potential remote code execution. • No patches are available, and cloud-only ShareFile accounts are not impacted.