Advertisementspot_img
HomeSecurity & JusticeProgress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns

Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns

Enterprise software giant Progress Software on Friday prompted ShareFile customers to shut down Storage Zone Controller servers amid security concerns.

A Storage Zone Controller provides ShareFile customers with private data storage, either on-premises or on a third-party storage system, that is protected with an application-specific password and is self-managed.

On Friday, the company notified customers that it had disabled access to ShareFile accounts using the Storage Zone Controllers and that it is investigating a ‘credible external security threat’.

“We are aware of a credible external security threat targeting Progress ShareFile Storage Zone Controllers,” a message on the company’s forums reads.

Progress also told customers that, as an additional protection measure, they should manually shut down their Storage Zone Controllers.

“Please manually shut down the server hosting your Storage Zone Controllers as soon as possible while Progress continues its assessment with cybersecurity experts,” the company’s message reads.

Advertisement. Scroll to continue reading.

In a private communication sent to customers, Progress said the access restrictions were temporary, but did not provide details on when the issue would be resolved.

“At this time, we do not indicate unauthorized access to any Progress ShareFile accounts or customer data,” the company said.

Progress has not shared details about the security threat, but users speculate that threat actors might be targeting two vulnerabilities addressed in March.

The flaws, tracked as CVE-2026-2699 (CVSS score of 9.8) and CVE-2026-2701 (CVSS score of 9.1), could be chained together to make configuration changes and upload malicious files to achieve remote code execution (RCE) without authentication.

SecurityWeek has emailed Progress for a statement on the matter and will update this article if the company responds.

Related: Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices

Related: CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws

Related: Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Related: Critical Adobe ColdFusion Vulnerability Exploited in Attacks


Source:

www.securityweek.com