CVE-2026-2699 (GCVE-0-2026-2699)
Vulnerability from cvelistv5
Published
2026-04-02 13:04
Modified
2026-04-08 15:25
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-698 - Execution After Redirect (EAR)
  • CWE-284 - Improper Access Control
Summary
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
References
Impacted products
Vendor Product Version
Progress ShareFile Storage Zones Controller Version: 0    5.12.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2699",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-03T03:55:24.742Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ShareFile Storage Zones Controller",
          "vendor": "Progress",
          "versions": [
            {
              "lessThanOrEqual": "5.12.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sonny of watchTowr"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "h4x0r_dz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution."
            }
          ],
          "value": "Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-698",
              "description": "CWE-698: Execution After Redirect (EAR)",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T15:25:21.185Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text",
              "value": "Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources."
            }
          ],
          "value": "Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2026-2699",
    "datePublished": "2026-04-02T13:04:00.485Z",
    "dateReserved": "2026-02-18T16:18:30.153Z",
    "dateUpdated": "2026-04-08T15:25:21.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-02T13:47:36.981154Z\"}}}], \"references\": [{\"url\": \"https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-02T13:47:48.973Z\"}}], \"cna\": {\"title\": \"EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Sonny of watchTowr\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Progress\", \"product\": \"ShareFile Storage Zones Controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.3\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources.\", \"supportingMedia\": [{\"type\": \"text\", \"value\": \"Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-698\", \"description\": \"CWE-698: Execution After Redirect (EAR)\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"shortName\": \"ProgressSoftware\", \"dateUpdated\": \"2026-04-02T13:04:00.485Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-2699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-03T03:55:24.742Z\", \"dateReserved\": \"2026-02-18T16:18:30.153Z\", \"assignerOrgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"datePublished\": \"2026-04-02T13:04:00.485Z\", \"assignerShortName\": \"ProgressSoftware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.