CVE-2026-2699

Medienbericht

Exploit

EPSS 41.59%
Veröffentlicht 02.04.2026 13:04:00
Zuletzt bearbeitet 21.04.2026 00:26:13
Quelle security@progress.com
CVE-Watchlists
Login
Unerledigt
Login

EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Progress ≫ Sharefile Storage Zones Controller Version >= 5.0.0 < 5.12.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	41.59%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@progress.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-698 Execution After Redirect (EAR)

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

https://thehackernews.com/2026/04/threatsday-bulletin-pre-auth-chains.html

Media Report

https://www.bleepingcomputer.com/news/security/new-progress-sharefile-flaws-can-be-chained-in-pre-auth-rce-attacks/

Media Report

https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26

Vendor Advisory

https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-2699

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2699

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2699

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2699