CVE-2026-2699

CVSS 9.8 (CRITICAL) · EPSS 9.9% · Published 2026-04-02

Authentication bypass in Progress ShareFile Storage Zones Controller (SZC) 5.x, caused by an Execution After Redirect (EAR) flaw in /ConfigService/Admin.aspx. The application calls Response.Redirect(path, false), which sends the redirect but does not end the response, so the page keeps executing and its output is still returned. An attacker can intercept the response and strip the Location header to access the full admin interface without credentials, which enables modification of Storage Zone configuration, including network share paths and zone passphrases.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-284, CWE-698
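A defender-side check for the EAR symptom described above, as an added example that is not part of the original advisory or the vendor's tooling: it scans IIS W3C logs for redirects from /ConfigService/Admin.aspx that carried a page-sized body. The log lines are constructed, and the 1024-byte threshold and the presence of the sc-bytes field in the log are assumptions.

```python
ADMIN_PATH = "/configservice/admin.aspx"  # path from the advisory, lower-cased
MAX_REDIRECT_BODY = 1024  # assumed threshold: a bare 302 is a few hundred bytes

# Constructed sample log, not real traffic. Assumes sc-bytes logging is enabled.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-bytes
2026-04-03 10:00:01 192.0.2.10 GET /ConfigService/Admin.aspx 302 48211
2026-04-03 10:00:05 192.0.2.10 POST /ConfigService/Admin.aspx 302 51877
2026-04-03 10:01:12 198.51.100.7 GET /ConfigService/Admin.aspx 302 356
2026-04-03 10:02:30 198.51.100.7 GET /index.html 200 9120
2026-04-03 10:03:00 203.0.113.5 GET /configservice/admin.aspx 200 47990
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def find_ear_responses(text, max_body=MAX_REDIRECT_BODY):
    """Return entries where the admin page answered 3xx with a large body."""
    hits = []
    for row in parse_w3c(text):
        if row.get("cs-uri-stem", "").lower() != ADMIN_PATH:
            continue
        status, size = row.get("sc-status", ""), row.get("sc-bytes", "")
        if not (status.isdigit() and size.isdigit()):
            continue  # field missing or "-": this entry cannot be judged
        if 300 <= int(status) < 400 and int(size) > max_body:
            hits.append(row)
    return hits

def clients_by_method(hits):
    """Group flagged client IPs by method; POSTs deserve a config review."""
    out = {}
    for row in hits:
        out.setdefault(row.get("cs-method", "?"), set()).add(row.get("c-ip", "?"))
    return out

if __name__ == "__main__":
    for h in find_ear_responses(SAMPLE_LOG):
        print(h["date"], h["time"], h["c-ip"], h["cs-method"], h["sc-status"], h["sc-bytes"])
```

A hit means the server returned page content inside a redirect, so it marks the host as exposed as well as listing which clients received that content; it does not by itself prove the client read or used it.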
