Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionCVE.org
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
Articles & Coverage 3
AnalysisAI
Unauthenticated remote code execution affects Progress ShareFile Storage Zones Controller versions up to 5.12.3 via unauthorized access to restricted configuration pages. Attackers can modify system configuration remotely without authentication, leading to complete system compromise. Publicly available exploit code exists (watchTowr Labs GitHub). EPSS score of 0.41% suggests relatively low observed exploitation despite critical CVSS 9.8 rating and POC availability. Vendor patch released per ShareFile security advisory.
Technical ContextAI
ShareFile Storage Zones Controller is an on-premises component of Progress ShareFile that enables enterprises to maintain customer-managed storage infrastructure while using ShareFile's cloud platform. The vulnerability stems from CWE-698 (Execution After Redirect), where the application fails to properly enforce access controls on administrative configuration endpoints. The affected component (CPE: cpe:2.3:a:progress:sharefile_storage_zones_controller) processes HTTP requests to configuration pages without verifying authentication state, allowing direct navigation to restricted management interfaces. This architectural flaw bypasses intended authentication mechanisms, exposing sensitive system configuration capabilities to network-accessible attackers. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no prerequisites beyond network connectivity, making this a complete authentication bypass rather than privilege escalation.
RemediationAI
Upgrade ShareFile Storage Zones Controller to version 5.12.4 or later immediately per Progress security advisory at https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26. The vendor-released patch addresses the authentication bypass in configuration page access controls. For environments requiring delayed patching, implement network-level access restrictions: configure firewall rules to block external access to Storage Zones Controller management interfaces (typically TCP ports 443/8443 for HTTPS admin console), permitting connections only from trusted administrator IP ranges or internal management VLANs. This compensating control reduces attack surface to internal threats but does not eliminate risk from compromised internal systems or VPN-connected attackers. Alternative mitigation: deploy web application firewall (WAF) with rules blocking direct URL manipulation to administrative paths, though this requires careful tuning to avoid blocking legitimate administrative access and may be bypassed by sophisticated attackers. Note that network segmentation alone is insufficient defense-in-depth given the unauthenticated nature of exploitation; patching remains the only complete remediation.
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, coul
Remote code execution in Progress ShareFile Storage Zones Controller versions up to 5.12.3 allows high-privileged authen
Same weakness CWE-698 – Execution After Redirect (EAR)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18218
GHSA-pmc3-p9hx-jq96