CVE-2026-2699

CRITICAL NUCLEI

EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Title source: cna

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Exploits (2)

nomisec STUB

by 0xBlackash · poc

https://github.com/0xBlackash/CVE-2026-2699

View Code ZIP pw:eip

nomisec SCANNER

by watchtowrlabs · poc

https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

View Code ZIP pw:eip

Nuclei Templates (1)

Progress ShareFile Storage Zones Controller - Authentication Bypass

CRITICALVERIFIEDby DhiyaneshDk

Shodan: title:"ShareFile Storage Server"

FOFA: title=="ShareFile Storage Server"

References (2)

[Vendor Advisory] https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26

[Exploit, Third Party Advisory] https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

Scores

CVSS v3 9.8

EPSS 0.1503

EPSS Percentile 94.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284 CWE-698

Status published

Products (2)

Progress/ShareFile Storage Zones Controller < 5.12.3

progress/sharefile_storage_zones_controller 5.0.0 - 5.12.4

Published Apr 02, 2026

Tracked Since Apr 02, 2026