CVE-2026-2699 | THREATINT

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

PUBLISHED Reserved 2026-02-18 | Published 2026-04-02 | Updated 2026-04-08 | Assigner ProgressSoftware

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-698: Execution After Redirect (EAR)

CWE-284: Improper Access Control

Product status

Default status

unaffected

Any version

affected

Credits

Sonny of watchTowr finder

h4x0r_dz finder

References

github.com/.../watchTowr-vs-Progress-ShareFile-CVE-2026-2699 exploit

docs.sharefile.com/...oller/5-0/security-vulnerability-feb26 vendor-advisory

cve.org (CVE-2026-2699)

nvd.nist.gov (CVE-2026-2699)

Download JSON