Progress ShareFile Vulnerabilities - Unauthenticated Exfiltration Risk

What Happened

Recently, two critical vulnerabilities were discovered in Progress ShareFile, an enterprise file transfer solution. These flaws can be exploited together to allow unauthenticated file exfiltration, posing a serious risk to organizations using this software for secure data sharing.

The Flaw

Researchers from watchTowr identified an authentication bypass (CVE-2026-2699) and a remote code execution flaw (CVE-2026-2701) within the Storage Zones Controller (SZC) component of Progress ShareFile versions 5.x. The attack begins with the authentication bypass, which grants attackers access to the admin interface.

What's at Risk

Once inside, attackers can manipulate storage zone configurations, including file paths and sensitive security parameters. The second vulnerability allows for remote code execution by abusing file upload functionality to deploy malicious webshells. Although attackers must generate valid HMAC signatures and decrypt internal secrets, these steps become feasible after exploiting the initial authentication bypass.

Patch Status

Approximately 30,000 SZC instances are exposed publicly, with around 700 instances observed by ShadowServer Foundation. Progress has addressed these vulnerabilities in ShareFile version 5.12.4, released on March 10. While no active exploitation has been reported yet, the public disclosure of these vulnerabilities is likely to attract threat actors.

Immediate Actions

Organizations using vulnerable versions of ShareFile Storage Zone Controller are urged to patch immediately to prevent potential data breaches and ransomware attacks. Ignoring these vulnerabilities could lead to significant data loss and reputational damage.

In conclusion, the discovery of these vulnerabilities highlights the importance of regular updates and vigilance in cybersecurity practices. Organizations must prioritize patching to safeguard their data and systems against emerging threats.