# CVE-2026-2699

> Authentication bypass in Progress ShareFile Storage Zones Controller (SZC) 5.x caused by an Execution After Redirect (EAR) flaw in /ConfigService/Admin.aspx. The application uses Response.Redirect(path, false) allowing attackers to intercept and strip the Location header to access the full admin interface without credentials, enabling modification of Storage Zone configuration including network share paths and zone passphrases.

- **CVSS:** 9.8 (CRITICAL)
- **EPSS:** 9.9%
- **CWE:** CWE-284, CWE-698

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-2699
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp