CVE-2026-2699

CRITICAL CVSS 9.8 View on NVD ↗

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26
https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

Published: Apr 02, 2026 14:16 UTC Modified: Apr 02, 2026 14:16 UTC