
[CIVN-2026-0176] Multiple Vulnerabilities in Progress ShareFile Storage Zones Controller (SZC)
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Progress ShareFile Storage Zones Controller versions prior to 5.12.4 (v5)
Overview
Multiple vulnerabilities have been reported in Progress ShareFile Storage Zones Controller (SZC) that allow an unauthenticated attacker to access restricted configuration pages and execute arbitrary code on the targeted system.
Target Audience:
Large enterprises and organizations using Progress ShareFile Storage Zones Controller.
Risk Assessment:
High risk of unauthorized access to sensitive data.
Impact Assessment:
Potential for remote code execution (RCE).
Description
Progress ShareFile Storage Zones Controller (SZC) is a server component that enables organizations to securely manage and control on-premises storage for ShareFile, allowing files to remain within their own data centers while integrating with the ShareFile cloud.
Multiple vulnerabilities have been reported in Progress ShareFile Storage Zones Controller (SZC) due to Execution After Redirect (EAR) and arbitrary file upload issues.
Successful exploitation of these vulnerabilities could allow an attacker to change system configuration and trigger remote code execution on the targeted system.
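The Execution After Redirect (EAR) weakness class named above, shown as an added illustration that is not part of the advisory and is not ShareFile code: the handler, settings keys and paths are hypothetical, and the sample data is constructed. It contrasts a handler that keeps running after issuing a redirect with one that stops, and adds a regression check that a redirect response carries no page content.

```python
from dataclasses import dataclass, field

# Constructed sample settings; keys and values are hypothetical.
SAMPLE_SETTINGS = {"storage_path": "D:\\zone", "admin_email": "ops@example.test"}

@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""

    def redirect(self, location):
        # Issuing a redirect only sets status and header; it does not stop the handler.
        self.status = 302
        self.headers["Location"] = location

def render(settings):
    return "\n".join(f"{k}={v}" for k, v in sorted(settings.items()))

def config_page_vulnerable(authenticated, settings, update=None):
    resp = Response()
    if not authenticated:
        resp.redirect("/login")
        # BUG (EAR): no return, so the restricted logic below still runs.
    if update:
        settings.update(update)
    resp.body = render(settings)
    return resp

def config_page_fixed(authenticated, settings, update=None):
    resp = Response()
    if not authenticated:
        resp.redirect("/login")
        return resp  # stop handling as soon as the redirect is issued
    if update:
        settings.update(update)
    resp.body = render(settings)
    return resp

def redirect_carries_content(resp):
    """Regression check: a 3xx response must not carry page content."""
    return 300 <= resp.status < 400 and bool(resp.body)

if __name__ == "__main__":
    for handler in (config_page_vulnerable, config_page_fixed):
        state = dict(SAMPLE_SETTINGS)
        r = handler(False, state, {"admin_email": "changed@example.test"})
        print(handler.__name__, r.status, redirect_carries_content(r), state["admin_email"])
```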
Solution
Apply appropriate updates as mentioned:
https://www.securityweek.com/critical-sharefile-flaws-lead-to-unauthenticated-rce/
Vendor Information
ShareFile
https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26
Security Week
https://www.securityweek.com/critical-sharefile-flaws-lead-to-unauthenticated-rce/
References
ShareFile
https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26
Security Week
https://www.securityweek.com/critical-sharefile-flaws-lead-to-unauthenticated-rce/
CVE Name
CVE-2026-2699
CVE-2026-2701
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


