Threat Intelligence / CVE / CVE-2026-2701

CVE-2026-2701

CVSS 9.1 (CRITICAL) · EPSS 0.3% · Published 2026-04-02

Remote code execution in Progress ShareFile Storage Zones Controller (SZC) 5.x via arbitrary file upload and execution. After exploiting CVE-2026-2699 for admin access, an attacker modifies the Network Share Location to the IIS webroot and uploads a ZIP archive containing a malicious ASPX webshell via /upload.aspx with unzip=true, achieving code execution on the server.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78, CWE-94, CWE-434

Threats tracking this CVE

Progress ShareFile Pre-Auth RCE Chain via Authentication Bypass and Webshell Upload (CVE-2026-2699 & CVE-2026-2701) — CRITICAL

References

https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26

Full detection coverage & IOCs for threats exploiting CVE-2026-2701 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence