Progress ShareFile has patched two critical vulnerabilities (CVE-2026-2699 and CVE-2026-2701) in Storage Zones Controller (SZC) 5.x. The first flaw is an authentication bypass via improper redirect/session handling in /ConfigService/Admin.aspx, allowing unauthenticated access to admin functions. The second is an arbitrary file upload/unzip vulnerability that enables placing executable files in web-accessible paths. Chained together, they enable pre-authentication remote code execution on SZC versions 5.12.3 and below. The fix is available in version 5.12.4. No active exploitation has been observed yet, but the risk is elevated given the public technical write-up, internet-exposed deployments, and history of ransomware groups targeting file-transfer platforms.
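A triage sketch for the exposure described above, added here as an example and not taken from Progress or the original write-up: it checks whether an SZC version string falls in the affected range and lists requests to /ConfigService/Admin.aspx from outside a trusted admin network. It assumes the web logs are in IIS W3C format with a #Fields header; the function names, trusted network list and sample log lines are constructed for illustration.

```python
import ipaddress

ADMIN_PATH = "/configservice/admin.aspx"   # path named in the advisory, lowercased
FIXED = (5, 12, 4)                          # first fixed SZC release per the advisory

def is_affected(version: str) -> bool:
    """True for SZC 5.x builds older than the fixed release."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))        # pad "5.11" to (5, 11, 0)
    return parts[0] == 5 and parts < FIXED

def admin_hits(log_lines, trusted_nets):
    """Yield (timestamp, client_ip, status) for Admin.aspx requests whose
    source is outside trusted_nets, using the log's own #Fields header."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    fields = []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != ADMIN_PATH:
            continue
        try:
            ip = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue                        # unparseable client address
        if not any(ip in n for n in nets):
            yield (f'{row.get("date")} {row.get("time")}', str(ip), row.get("sc-status"))

# Constructed sample log using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2026-01-10 08:01:02 GET /ConfigService/Admin.aspx 10.0.5.20 200
2026-01-10 09:14:37 GET /ConfigService/Admin.aspx 203.0.113.45 302
2026-01-10 09:14:38 POST /ConfigService/Admin.aspx 203.0.113.45 200
2026-01-10 09:20:00 GET /default.aspx 198.51.100.7 200
""".splitlines()

if __name__ == "__main__":
    print("5.12.3 affected:", is_affected("5.12.3"))
    for hit in admin_hits(SAMPLE_LOG, ["10.0.0.0/8"]):
        print("review:", *hit)
```

A listed request is a lead for review, not proof of exploitation; on a host that is still on 5.12.3 or below, any external request to the admin page warrants a closer look.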