Progress ShareFile pre-auth RCE chain disclosed - 30,000 instances exposed, ransomware gangs watching (CVE-2026-2699, CVE-2026-2701)
Two flaws in Progress ShareFile's Storage Zones Controller can be chained for unauthenticated remote code execution - no credentials needed. An attacker first bypasses authentication via improper HTTP redirect handling, then uploads a malicious webshell through the file upload function. watchTowr published full technical details and a proof-of-concept. Around 30,000 instances are exposed online. File transfer solutions are a favorite ransomware target - Clop hit Accellion, GoAnywhere, MOVEit, and Cleo the same way.
- Check
  - Check if you run Progress ShareFile with customer-managed Storage Zones Controller on branch 5.x.
- Affected
  - ShareFile Storage Zones Controller 5.x versions prior to 5.12.4. Cloud-only ShareFile deployments are not affected.
- Fix
  - Update to ShareFile Storage Zones Controller 5.12.4 or later (released March 10). Audit web server logs for requests to /ConfigService/Admin.aspx. Check the webroot for unexpected ASPX files that could indicate existing compromise.
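
The log and webroot audit described under Fix, as an added example (not code from Progress or watchTowr): it parses IIS W3C extended logs for requests to /ConfigService/Admin.aspx and lists .aspx files that are missing from a known-good baseline. The sample log lines, the `baseline` list and the function names are constructed assumptions.

```python
from pathlib import Path

WATCH_PATH = "/configservice/admin.aspx"  # path from the advisory, matched case-insensitively

# Constructed sample in IIS W3C extended format (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2026-03-12 08:01:10 GET /default.aspx - 198.51.100.7 Mozilla/5.0 200
2026-03-12 08:01:15 GET /ConfigService/Admin.aspx - 203.0.113.9 curl/8.5 302
2026-03-12 08:01:16 POST /configservice/admin.aspx - 203.0.113.9 curl/8.5 200
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2026-03-12 09:00:00 GET /ConfigService/Login.aspx 192.0.2.44 200
2026-03-12 09:00:05 GET /ConfigService/Admin.aspx 192.0.2.44 302
"""


def find_admin_hits(lines):
    """Yield a dict per logged request whose cs-uri-stem is the watched path."""
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS re-emits this header when logging restarts
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() == WATCH_PATH:
            yield row


def unexpected_aspx(webroot, baseline):
    """Return relative .aspx paths under webroot that are not in baseline.

    baseline is an assumption: relative paths recorded from a known-good
    install of the same version.
    """
    root = Path(webroot)
    found = {p.relative_to(root).as_posix().lower()
             for p in root.rglob("*") if p.is_file() and p.suffix.lower() == ".aspx"}
    return sorted(found - {b.lower() for b in baseline})


if __name__ == "__main__":
    for hit in find_admin_hits(SAMPLE_LOG.splitlines()):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-method"], hit["sc-status"])
```

To run it against real data, pass an open IIS log file to `find_admin_hits` and your own webroot path to `unexpected_aspx`; both locations are site-specific and are not given in the advisory.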