EUVD-2026-18220CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4Tags
Description
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.
Analysis
Remote code execution in Progress ShareFile Storage Zones Controller allows authenticated administrators to upload and execute malicious files on the server. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, and carries a 9.1 CVSS score due to scope change enabling post-compromise lateral movement. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Progress ShareFile Storage Zones Controller deployments and document current versions; immediately audit administrative account activity for anomalies and enforce multi-factor authentication on all admin accounts if not already deployed. Within 7 days: Implement network segmentation to restrict administrative access to ShareFile controllers; review and strengthen phishing defenses and credential monitoring given the attack vector targets admin compromise. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today