Skip to main content

Sharefile Storage Zones Controller CVE-2026-2699

| EUVDEUVD-2026-18218 CRITICAL
Execution After Redirect (EAR) (CWE-698)
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Updated
Apr 21, 2026 - 00:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 21, 2026 - 00:37 vuln.today
cvss_changed
PoC Detected
Apr 03, 2026 - 16:10 vuln.today
Public exploit code
Patch released
Apr 02, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 02, 2026 - 13:45 euvd
EUVD-2026-18218
Analysis Generated
Apr 02, 2026 - 13:45 vuln.today
CVE Published
Apr 02, 2026 - 13:04 nvd
CRITICAL 9.8

DescriptionCVE.org

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

AnalysisAI

Unauthenticated remote code execution affects Progress ShareFile Storage Zones Controller versions up to 5.12.3 via unauthorized access to restricted configuration pages. Attackers can modify system configuration remotely without authentication, leading to complete system compromise. Publicly available exploit code exists (watchTowr Labs GitHub). EPSS score of 0.41% suggests relatively low observed exploitation despite critical CVSS 9.8 rating and POC availability. Vendor patch released per ShareFile security advisory.

Technical ContextAI

ShareFile Storage Zones Controller is an on-premises component of Progress ShareFile that enables enterprises to maintain customer-managed storage infrastructure while using ShareFile's cloud platform. The vulnerability stems from CWE-698 (Execution After Redirect), where the application fails to properly enforce access controls on administrative configuration endpoints. The affected component (CPE: cpe:2.3:a:progress:sharefile_storage_zones_controller) processes HTTP requests to configuration pages without verifying authentication state, allowing direct navigation to restricted management interfaces. This architectural flaw bypasses intended authentication mechanisms, exposing sensitive system configuration capabilities to network-accessible attackers. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no prerequisites beyond network connectivity, making this a complete authentication bypass rather than privilege escalation.

RemediationAI

Upgrade ShareFile Storage Zones Controller to version 5.12.4 or later immediately per Progress security advisory at https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26. The vendor-released patch addresses the authentication bypass in configuration page access controls. For environments requiring delayed patching, implement network-level access restrictions: configure firewall rules to block external access to Storage Zones Controller management interfaces (typically TCP ports 443/8443 for HTTPS admin console), permitting connections only from trusted administrator IP ranges or internal management VLANs. This compensating control reduces attack surface to internal threats but does not eliminate risk from compromised internal systems or VPN-connected attackers. Alternative mitigation: deploy web application firewall (WAF) with rules blocking direct URL manipulation to administrative paths, though this requires careful tuning to avoid blocking legitimate administrative access and may be bypassed by sophisticated attackers. Note that network segmentation alone is insufficient defense-in-depth given the unauthenticated nature of exploitation; patching remains the only complete remediation.

Share

CVE-2026-2699 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy