CVE-2026-2701

Summary

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

Affected Software

VendorProductVersion RangeStatus
ProgressShareFile Storage Zones Controller0 <= 5.12.3affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type
  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')

Workarounds

Reset the secret and password using custom tool provided by ShareFile

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References