{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-2699","assignerOrgId":"f9fea0b6-671e-4eea-8fde-31911902ae05","state":"PUBLISHED","assignerShortName":"ProgressSoftware","dateReserved":"2026-02-18T16:18:30.153Z","datePublished":"2026-04-02T13:04:00.485Z","dateUpdated":"2026-04-08T15:25:21.185Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f9fea0b6-671e-4eea-8fde-31911902ae05","shortName":"ProgressSoftware","dateUpdated":"2026-04-08T15:25:21.185Z"},"title":"EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-698","description":"CWE-698: Execution After Redirect (EAR)","type":"CWE"},{"lang":"en","cweId":"CWE-284","description":"CWE-284: Improper Access Control","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"affected":[{"vendor":"Progress","product":"ShareFile Storage Zones Controller","versions":[{"status":"affected","version":"0","lessThanOrEqual":"5.12.3","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.","supportingMedia":[{"type":"text/html","base64":false,"value":"Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. \nThis leads to changing system configuration and potential remote code execution."}]}],"references":[{"url":"https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}],"workarounds":[{"lang":"en","value":"Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources.","supportingMedia":[{"type":"text","base64":false,"value":"Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources."}]}],"credits":[{"lang":"en","value":"Sonny of watchTowr","type":"finder"},{"lang":"en","value":"h4x0r_dz","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"references":[{"url":"https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-02T00:00:00+00:00","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-2699"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-03T03:55:24.742Z"}}]}}