Safety researchers at watchTowr Labs have disclosed a crucial exploit chain within the Progress ShareFile Storage Zone Controller. <\/p>\n
The vulnerabilities, tracked as CVE-2026-2699 and CVE-2026-2701, allow unauthenticated attackers to attain Distant Code Execution (RCE) and fully compromise weak servers. <\/p>\n
With roughly 30,000 situations uncovered to the general public web, organizations are urged to patch instantly to forestall catastrophic information breaches.<\/p>\n
Managed file switch (MFT)<\/a> options stay a prime goal for superior persistent menace (APT) teams and ransomware syndicates. <\/p>\n Following historic breaches involving instruments like MOVEit, Cleo Concord, and GoAnywhere, menace actors repeatedly hunt for unpatched data-sharing gateways. <\/p>\n These newly uncovered ShareFile flaws current a extremely profitable alternative for attackers trying to infiltrate company networks and siphon delicate mental property.<\/p>\n Whereas Progress ShareFile operates a well-liked SaaS platform, many enterprises make the most of the on-premises Storage Zone Controller to take care of information sovereignty and regulatory compliance. <\/p>\n This software program acts as a customer-managed gateway, permitting organizations to maintain information on native community shares or non-public cloud buckets whereas nonetheless using the primary ShareFile internet interface. <\/p>\n The newly found vulnerabilities reside solely inside this self-hosted utility.<\/p>\n CVE-2026-2699: Bypassing Authentication<\/strong><\/p>\n The assault sequence begins with an authentication bypass <\/a>within the administrator configuration panel ( When an unauthenticated person requests this endpoint, the applying points an HTTP 302 redirect, pointing the person to a safe login web page.<\/p>\n Nonetheless, researchers found a deadly coding error within the underlying C# codebase. The builders handed a\u00a0 This particular flag instructs the server\u00a0not<\/em>\u00a0to terminate the web page\u2019s execution after sending the redirect command. <\/p>\n Generally known as an \u201cExecution After Redirect<\/a>\u201d (EAR) vulnerability, this enables an attacker to easily intercept the HTTP response, drop the\u00a0 CVE-2026-2701: Reaching Distant Code Execution<\/strong><\/p>\n With administrative entry secured, the attacker can exploit the second vulnerability to execute malicious code. <\/p>\n The Storage Zone Controller permits directors to configure a \u201cCommunity Share Location<\/a>\u201d for person uploads. <\/p>\n Whereas the applying assessments the offered path to make sure it has learn and write permissions, it fully fails to validate whether or not the trail is a authentic, protected storage listing.<\/p>\n Attackers can exploit this oversight by reconfiguring the storage vacation spot to level straight into the applying\u2019s public webroot ( As soon as the trail is modified, the attacker can add a malicious ASPX internet shell disguised as an ordinary file. <\/p>\n By navigating to that uploaded script of their browser, the attacker features full, unauthorized distant management over the server.<\/p>\n These vulnerabilities particularly affect Department 5.x of the ShareFile Storage Zone Controller, which is constructed on ASP.NET. <\/p>\n The failings had been confirmed by WatchTowr Labs <\/a>in model 5.12.3. Progress addressed each vulnerabilities in model 5.12.4, which was quietly rolled out to clients on March 10, 2026.<\/p>\n Safety groups should instantly improve their Storage Zone Controllers to model 5.12.4 or later. <\/p>\n Moreover, defenders ought to monitor internet server logs for anomalous requests to configuration endpoints, examine the webroot for sudden ASPX information, and make sure that on-premises file gateways are shielded behind sturdy firewalls wherever potential.<\/p>\n Comply with us on\u00a0Google Information<\/a>,\u00a0LinkedIn<\/a>, and\u00a0X<\/a>\u00a0to Get Prompt Updates and Set GBH as a Most popular Supply in\u00a0Google<\/a>.<\/strong><\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":" Safety researchers at watchTowr Labs have disclosed a crucial exploit chain within the Progress ShareFile Storage Zone Controller. The vulnerabilities, tracked as CVE-2026-2699 and CVE-2026-2701, allow unauthenticated attackers to attain Distant Code Execution (RCE) and fully compromise weak servers. With roughly 30,000 situations uncovered to the general public web, organizations are urged to patch instantly […]<\/p>\n","protected":false},"author":2,"featured_media":13395,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[4300,1812,2592,1151,2542,8503,1814,8428],"class_list":["post-13393","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-expose","tag-flaws","tag-progress","tag-remote","tag-servers","tag-sharefile","tag-takeover","tag-unauthorized"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13393"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13393\/revisions"}],"predecessor-version":[{"id":13394,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13393\/revisions\/13394"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/13395"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"uploaded](\"https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-25.png\")
The Goal: Storage Zone Controller<\/strong><\/h2>\n
\/ConfigService\/Admin.aspx<\/code>). <\/p>\nfalse<\/code>\u00a0boolean flag to the\u00a0.Redirect()<\/code>\u00a0operate. <\/p>\nLocation<\/code>\u00a0header, and cargo the absolutely useful admin panel, no credentials required.<\/p>\nC:inetpubwwwrootShareFileStorageCenterdocumentum<\/code>). <\/p>\n![\"webshell](\"https:\/\/gbhackers.com\/wp-content\/uploads\/2026\/04\/image-24.png\")