CVE-2026-2699 (GCVE-0-2026-2699)

Vulnerability from cvelistv5 – Published: 2026-04-02 13:04 – Updated: 2026-04-08 15:25
VLAI Shadowserver KEVIntel
Title
EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Summary
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-698 - Execution After Redirect (EAR)
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Vendor Product Version
Progress ShareFile Storage Zones Controller Affected: 0 , ≤ 5.12.3 (semver)
Create a notification for this product.
Credits
Sonny of watchTowr h4x0r_dz
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2026-2699

Status: Confirmed

Status Updated: 2026-07-10 15:34 UTC

Exploited: Yes


Characteristics
Severity: 98.0

Timestamps
First Seen: 2026-07-10
Asserted: 2026-07-10
Last Seen: 2026-07-10

Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Progress / Citrix ShareFile StorageZones (aka storage zones) Controller | Class: file-transfer | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-07-10: 3

Evidence

Type: Honeypot

Signal: In The Wild Attempts

Confidence: 70%

Source: shadowserver


Details
1D 1
Iot no
Feed Shadowserver Foundation honeypot/exploited-vulnerabilities
Type http-scan
Class file-transfer
7D Avg 0
Vendor Progress
30D Avg 0
90D Avg 0
Product Citrix ShareFile StorageZones (aka storage zones) Controller
Cisa Kev no
Connections 3
Observation Date 2026-07-10
Vulnerability Class CVSS
Vulnerability Score 9.8
Vulnerability Severity Critical

References

Created: 2026-07-12 01:01 UTC | Updated: 2026-07-12 01:01 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2026-2699

Status: Confirmed

Status Updated: 2026-07-10 00:00 UTC

Exploited: Yes


Timestamps
First Seen: 2026-07-10
Asserted: 2026-07-10

Scope
Notes: EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC) | Affected: Progress / ShareFile Storage Zones Controller | CVSS: 9.8 (CRITICAL) | EPSS: 0.49424 | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel


Details
Feed KEVIntel (kevintel.com)
Title EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Vendor Progress
Product ShareFile Storage Zones Controller
Added Date 2026-07-10T00:00:00.000Z
Cvss Score 9.8
Epss Score 0.49424
Cvss Severity CRITICAL
Epss Percentile 0.98754
Used In Malware unknown
Ahead Of Cisa Kev None
Not Yet In Cisa Kev True

References

Created: 2026-07-11 11:00 UTC | Updated: 2026-07-11 11:00 UTC
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2699",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-03T03:55:24.742Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ShareFile Storage Zones Controller",
          "vendor": "Progress",
          "versions": [
            {
              "lessThanOrEqual": "5.12.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sonny of watchTowr"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "h4x0r_dz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution."
            }
          ],
          "value": "Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-698",
              "description": "CWE-698: Execution After Redirect (EAR)",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T15:25:21.185Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text",
              "value": "Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources."
            }
          ],
          "value": "Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2026-2699",
    "datePublished": "2026-04-02T13:04:00.485Z",
    "dateReserved": "2026-02-18T16:18:30.153Z",
    "dateUpdated": "2026-04-08T15:25:21.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-2699",
      "date": "2026-07-12",
      "epss": "0.49424",
      "percentile": "0.98757"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-2699\",\"sourceIdentifier\":\"security@progress.com\",\"published\":\"2026-04-02T14:16:27.697\",\"lastModified\":\"2026-06-17T10:31:33.870\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.\"}],\"affected\":[{\"source\":\"security@progress.com\",\"affectedData\":[{\"vendor\":\"Progress\",\"product\":\"ShareFile Storage Zones Controller\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"5.12.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-02T00:00:00+00:00\",\"id\":\"CVE-2026-2699\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-698\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:sharefile_storage_zones_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.12.4\",\"matchCriteriaId\":\"7E529EF7-C595-44DE-AC65-65823643EBCD\"}]}]}],\"references\":[{\"url\":\"https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26\",\"source\":\"security@progress.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "redhat_vex": {
      "current_release_date": "2026-04-03T16:59:28+00:00",
      "cve": "CVE-2026-2699",
      "id": "CVE-2026-2699",
      "initial_release_date": "2026-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2699.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-02T13:47:36.981154Z\"}}}], \"references\": [{\"url\": \"https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-02T13:47:48.973Z\"}}], \"cna\": {\"title\": \"EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Sonny of watchTowr\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Progress\", \"product\": \"ShareFile Storage Zones Controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.3\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources.\", \"supportingMedia\": [{\"type\": \"text\", \"value\": \"Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-698\", \"description\": \"CWE-698: Execution After Redirect (EAR)\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"shortName\": \"ProgressSoftware\", \"dateUpdated\": \"2026-04-02T13:04:00.485Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-2699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-03T03:55:24.742Z\", \"dateReserved\": \"2026-02-18T16:18:30.153Z\", \"assignerOrgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"datePublished\": \"2026-04-02T13:04:00.485Z\", \"assignerShortName\": \"ProgressSoftware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…