Critical ShareFile Vulnerabilities Enable Unauthenticated RCE

Basically, hackers can exploit flaws in ShareFile to run malicious code without needing a password.
Critical vulnerabilities in ShareFile could allow hackers to execute code without authentication. This puts sensitive data at risk for many organizations. Users must update their systems immediately to safeguard against these threats.
What Happened
Two critical vulnerabilities have been identified in the ShareFile content collaboration platform, allowing for unauthenticated remote code execution (RCE). Discovered by WatchTowr, these flaws can be chained together, leading to severe security risks for users of the platform.
The Flaw
The first vulnerability, CVE-2026-2699, has a CVSS score of 9.8, indicating its critical nature. This flaw allows unauthenticated attackers to access restricted configuration pages. It is categorized as an Execution After Redirect (EAR) issue. Attackers can exploit this by modifying HTTP responses to access admin pages without proper authentication.
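As an added illustration (not ShareFile's code; the route, session fields and configuration values are hypothetical), the Execution After Redirect bug class described above in a minimal Python handler, beside its fix and a framework-level check that neutralises the pattern regardless of any single handler's mistake:

```python
"""Execution After Redirect (EAR) in a minimal form. Added illustration,
not ShareFile code: route, session fields and config values are hypothetical."""

# Constructed sample content for a "restricted configuration page".
ADMIN_CONFIG = {"upload_dir": "/var/app/uploads", "smtp_host": "mail.example"}


def render_admin_config() -> str:
    return "\n".join(f"{k}={v}" for k, v in ADMIN_CONFIG.items())


def vulnerable_admin_page(session: dict) -> tuple[int, dict, str]:
    """EAR: the redirect is prepared, but control falls through, so the
    restricted page is still rendered and sent together with the 302.
    A client that ignores the Location header reads the body as-is."""
    status, headers = 200, {}
    if not session.get("is_admin"):
        status, headers = 302, {"Location": "/login"}
        # Missing here: return status, headers, ""
    return status, headers, render_admin_config()


def hardened_admin_page(session: dict) -> tuple[int, dict, str]:
    """Fix: an authorization failure ends the handler before any
    protected content is produced."""
    if not session.get("is_admin"):
        return 302, {"Location": "/login"}, ""
    return 200, {}, render_admin_config()


def enforce_empty_redirect_body(handler):
    """Defence in depth at the framework layer: a 3xx response never
    carries a body, so a forgotten return cannot leak page content."""
    def wrapped(session: dict) -> tuple[int, dict, str]:
        status, headers, body = handler(session)
        if 300 <= status < 400 and body:
            body = ""  # strip whatever the handler built after redirecting
        return status, headers, body
    return wrapped
```

The wrapper is the check worth adding to a code review or a response-filter layer: any redirect with a non-empty body is a symptom of this bug class.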
The second vulnerability, CVE-2026-2701, scores 9.1 on the CVSS scale. It permits arbitrary file uploads, enabling attackers to drop malicious files, such as web shells, onto the server. When combined, these vulnerabilities allow attackers to achieve RCE on vulnerable ShareFile instances.
Who's Affected
Organizations using ShareFile, particularly those running versions prior to 5.12.4, are at risk. ShareFile versions 6.x are not affected. Businesses relying on this platform for sensitive data storage and collaboration need to act promptly to mitigate risks.
What Data Was Exposed
The exploitation of these vulnerabilities could lead to unauthorized access to sensitive files. Attackers could reconfigure ShareFile to store uploaded files in dangerous locations, potentially exfiltrating sensitive data to an attacker-controlled repository, such as an AWS S3 bucket.
Patch Status
Both vulnerabilities were reported to ShareFile in early February and have been addressed in the latest version, 5.12.4. Users are strongly advised to update their systems to this version or later to protect against these vulnerabilities.
Immediate Actions
Organizations should:
- Update ShareFile to version 5.12.4 or later immediately.
- Review access logs for any unauthorized access attempts.
- Implement additional security measures, such as monitoring and alerting for unusual activities.
By taking these steps, businesses can significantly reduce their risk exposure and protect sensitive data from potential exploitation.