Progress Software warned ShareFile customers using on-premises Storage Zone Controllers to immediately shut down the Windows servers hosting those systems after identifying a credible external security threat. The company also temporarily disabled access to ShareFile accounts that rely on those controllers as a precaution while it investigates with internal and external cybersecurity experts. Progress said it had no indication of unauthorized access to ShareFile accounts or data at the time of the notice.
The alert affects hybrid ShareFile deployments where Internet-accessible Storage Zone Controllers broker file transfers between the ShareFile cloud service and customer-managed local storage. Progress did not disclose whether the threat is active exploitation, a zero-day, or a related issue tied to earlier ShareFile flaws, but the warning follows recently patched vulnerabilities CVE-2026-2699 and CVE-2026-2701, which could be chained to bypass authentication, upload malicious ASPX webshells, and achieve remote code execution; those issues were fixed in version 5.12.4, while the 6.x .NET Core branch was reported as unaffected.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Cyber Security News reported that ShareFile Storage Zone Controller had previously been affected by chainable vulnerabilities CVE-2026-2699 and CVE-2026-2701, which allowed authentication bypass, malicious ASPX webshell upload, and remote code execution. Those flaws were patched in version 5.12.4, and the 6.x .NET Core branch was reported as unaffected.
In its notice, Progress stated it had no indication or current evidence of unauthorized access to ShareFile accounts or data at the time of the warning. The company said it was investigating the threat with internal and external cybersecurity experts.
Progress Software issued an urgent advisory telling ShareFile customers using on-premises Storage Zone Controllers to immediately shut down the Windows servers hosting those controllers because of a credible external security threat. As a precaution, the company also temporarily disabled access to ShareFile accounts that use Storage Zone Controllers while it investigated.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
scworld.com
Open sourcecybersecuritynews.com
Open sourcethehackernews.com
Open sourcebleepingcomputer.com
Open sourcelabs.beazley.security
Open sourcestatus.sharefile.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.