CVE-2026-2699

Summary

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Affected Software

VendorProductVersion RangeStatus
ProgressShareFile Storage Zones Controller0 <= 5.12.3affected

Weaknesses

  • CWE-698: CWE-698: Execution After Redirect (EAR)
  • CWE-284: CWE-284: Improper Access Control

Workarounds

Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References