ByteOS Network

NVD Vulnerability Details :

CVE-2026-2699

Analyzed

Source-security@progress.com

Published At-02 Apr, 2026 | 14:16

Updated At-21 Apr, 2026 | 00:26

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Progress Software Corporation

>>sharefile_storage_zones_controller>>Versions from 5.0.0(inclusive) to 5.12.4(exclusive)

cpe:2.3:a:progress:sharefile_storage_zones_controller:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-284	Primary	security@progress.com
CWE-698	Primary	security@progress.com
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: CWE-284

Type: Primary

Source: security@progress.com

CWE ID: CWE-698

Type: Primary

Source: security@progress.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26	security@progress.com	Vendor Advisory
https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory

Hyperlink: https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26

Source: security@progress.com

Resource:

Vendor Advisory

Hyperlink: https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History