Progress ShareFile - Critical Flaws Enable Pre-Auth RCE Attacks

In short: attackers can chain two ShareFile flaws to run code on the server without any credentials.
Two newly disclosed vulnerabilities in Progress ShareFile can be chained to execute code without authentication. Thousands of Storage Zones Controller instances are reachable from the internet, so organizations running the product should patch immediately.
What Happened
Two serious vulnerabilities have been discovered in Progress ShareFile, a secure file transfer solution used by many businesses. These flaws can be exploited together to allow attackers to execute remote code without authentication. The vulnerabilities, identified as CVE-2026-2699 and CVE-2026-2701, were found in the Storage Zones Controller (SZC) component of ShareFile.
How the Attack Works
The chain begins with CVE-2026-2699, an authentication bypass in the Storage Zones Controller admin interface caused by improper handling of HTTP redirects. With admin access, an attacker can change critical settings, including the file storage path and security-related configuration.
The second flaw, CVE-2026-2701, turns that foothold into remote code execution: the attacker uploads malicious files to the server and then triggers their execution. Taken on its own this step is not trivial, because the attacker must produce valid HMAC signatures and decrypt internal secrets; the admin access gained through the first flaw is what makes that feasible, which is why the pair is treated as a pre-authentication RCE chain rather than two isolated bugs.
Who's Affected
Estimates of the exposed population differ by source: one research count puts roughly 30,000 Storage Zones Controller instances on the public internet, while scans by the Shadowserver Foundation report around 700 exposed instances, mostly in the United States and Europe. Whichever figure is closer, any organization running an unpatched controller is at risk of data theft and unauthorized access to its storage zone.
What Is at Risk
A successful chain gives the attacker code execution on the Storage Zones Controller, the component that holds the files for a storage zone. Every file stored in that zone should then be treated as readable, modifiable and exfiltratable by the attacker, and the controller itself becomes a foothold into the surrounding network.
Patch Status
Progress Software fixed both vulnerabilities in version 5.12.4, released on March 10. Because the Storage Zones Controller is deployed and maintained by the customer rather than by Progress's hosted service, the fix is not applied for you: each controller an organization runs must be upgraded, and that should happen immediately.
Immediate Actions
Organizations using Progress ShareFile should take the following steps:
- Upgrade every Storage Zones Controller you operate to version 5.12.4 or later as soon as possible.
- Audit each controller's configuration, in particular the storage path and the security settings the first flaw lets an attacker change, and confirm that no unauthorized modifications have been made.
- Review web server and controller logs for unauthenticated requests that reach the admin interface and for uploads of executable content into the storage location, and keep monitoring for those patterns.
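As a starting point for that log review, here is an added example that is not part of the original article and is not Progress's own tooling. It triages IIS W3C extended logs from a Storage Zones Controller host (the controller runs on Windows with IIS) for the two behaviours the chain depends on: requests that reach the admin interface with no authenticated user, and uploads of server-executable content. The admin path prefix, the log field layout and the log lines themselves are constructed assumptions; replace the prefix with the real admin interface path from the vendor advisory before using it.

```python
"""Triage IIS W3C extended logs from a ShareFile Storage Zones Controller host for
the two behaviours the chain depends on. Added example for this article, not
Progress code; admin path, field layout and sample log lines are constructed."""
import re
from collections import defaultdict

# Assumption: placeholder prefix for the controller's admin interface. The article
# does not name the real path; take it from the vendor advisory before use.
ADMIN_PREFIXES = ("/admin/",)

# Server-side executable content: an upload with one of these extensions is how a
# file write on an IIS host is turned into code execution.
EXECUTABLE_EXT = re.compile(r"\.(aspx?|ashx|asmx|config|dll|exe|ps1)$", re.IGNORECASE)

# Constructed sample log in IIS W3C format (not real traffic). 203.0.113.7 reaches
# the admin interface with no cs-username, then drops an .aspx file into a zone.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2026-03-12 09:14:02 203.0.113.7 - GET /admin/settings - 302
2026-03-12 09:14:03 203.0.113.7 - GET /admin/settings - 200
2026-03-12 09:14:09 203.0.113.7 - POST /admin/settings - 200
2026-03-12 09:15:41 203.0.113.7 - PUT /upload/zone1/shell.aspx sig=deadbeef 201
2026-03-12 09:16:00 198.51.100.4 CORP\\jdoe GET /admin/settings - 200
2026-03-12 09:17:22 192.0.2.9 - PUT /upload/zone1/report.pdf sig=cafebabe 201
"""


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the names in the #Fields line."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # no header yet or a malformed line: skip rather than guess
        records.append(dict(zip(fields, values)))
    return records


def _ts(r):
    return f"{r['date']} {r['time']}"  # ISO-style, so string comparison orders correctly


def find_indicators(records):
    """Group hits by client IP. 'high' when one IP reached the admin interface
    unauthenticated and afterwards uploaded executable content (the two-step chain);
    'medium' for either behaviour on its own."""
    by_ip = defaultdict(lambda: {"admin": [], "upload": []})
    for r in records:
        ip, stem, user = r["c-ip"], r["cs-uri-stem"], r["cs-username"]
        status = int(r["sc-status"])
        # A 2xx on an admin path with no authenticated user is the bypass signature;
        # the 302 that precedes it is ordinary redirect-to-login behaviour.
        if stem.lower().startswith(ADMIN_PREFIXES) and user == "-" and 200 <= status < 300:
            by_ip[ip]["admin"].append(_ts(r))
        if r["cs-method"] in ("POST", "PUT") and EXECUTABLE_EXT.search(stem):
            by_ip[ip]["upload"].append(_ts(r))

    findings = []
    for ip, hits in sorted(by_ip.items()):
        if hits["admin"] and hits["upload"] and min(hits["admin"]) < max(hits["upload"]):
            findings.append(("high", ip, "unauthenticated admin access followed by executable upload"))
            continue
        if hits["admin"]:
            findings.append(("medium", ip, "unauthenticated admin-interface access"))
        if hits["upload"]:
            findings.append(("medium", ip, "executable web content uploaded"))
    return findings


def triage(log_text):
    return find_indicators(parse_w3c(log_text))


if __name__ == "__main__":
    for severity, ip, reason in triage(SAMPLE_LOG):
        print(f"{severity.upper():6} {ip:15} {reason}")
```

Run against the constructed sample, the script reports one high-severity source: the IP that received a 200 from the admin path without a username and later wrote an .aspx file into the storage path. The authenticated administrator and the PDF upload produce no findings. Point it at the real IIS logs of each controller, after fixing the admin prefix, and extend `EXECUTABLE_EXT` with whatever content types your zone should never accept.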
No in-the-wild exploitation had been observed at the time of writing, but public disclosure of a pre-authentication RCE chain in an internet-facing file transfer product reliably draws attackers. Treat patching as urgent to protect stored data and keep the controller trustworthy.