← back
CVE-2026-2699

EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

CVSS 9.8 CRITICALEPSS 49.4%CWE-284CWE-698
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Progress · ShareFile Storage Zones Controller
public PoCs found1
cve_referencegithub.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699