CVE-2026-2699

Severity: CRITICAL · Nuclei template available

EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-2699. PoCs published by 0xBlackash, watchtowrlabs. A Nuclei detection template is also available.

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Exploits (2)

nomisec STUB
by 0xBlackash · poc
https://github.com/0xBlackash/CVE-2026-2699

The repository contains only a minimal README with the CVE identifier and no exploit code or technical details. It is a placeholder with no functional content.

Classification: Stub 100%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Apr 08, 2026

nomisec SCANNER
by watchtowrlabs · poc
https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

This repository contains a Python script that scans for CVE-2026-2699, an authentication bypass vulnerability in Progress ShareFile. The tool sends a GET request to the `/ConfigService/Admin.aspx` endpoint and checks the response to determine if the target is likely vulnerable.

Classification: Scanner 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Progress ShareFile Storage Zones Controller < 5.12.4
No auth needed
Prerequisites: Network access to the target ShareFile instance
devstral-2 · analyzed Apr 07, 2026

Nuclei Templates (1)

Progress ShareFile Storage Zones Controller - Authentication Bypass
CRITICAL · VERIFIED · by DhiyaneshDk
Shodan: title:"ShareFile Storage Server"
FOFA: title=="ShareFile Storage Server"

Scores

CVSS v3: 9.8
EPSS: 0.3203
EPSS Percentile: 96.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-284, CWE-698
Status: published
Products (2):
Progress/ShareFile Storage Zones Controller < 5.12.3
progress/sharefile_storage_zones_controller 5.0.0 - 5.12.4
Published: Apr 02, 2026
Tracked Since: Apr 02, 2026