Progress Confirms ShareFile Zero-Day Vulnerability and Releases Security Patch

Views: 53 views

390/69 Thursday, July 16, 2026

Progress Software has confirmed that its earlier shutdown of ShareFile Storage Zone Controller was related to a High-severity zero-day vulnerability in the product and has released a security update to address the flaw. Storage Zone Controller is a customer-managed Windows server that allows organizations to store files within their internal environment while continuing to use the ShareFile platform for authentication, access control, auditing, and collaboration.

Reports indicate that the vulnerability is a Path Traversal flaw affecting all ShareFile Storage Zone Controller versions 5.x and 6.x. An authenticated administrative user may be able to read files accessible to the application’s service account, write data to directories, or browse the file structure on the server. Progress stated that it has reserved a CVE identifier for this vulnerability but will release further details later to give customers time to update their systems before technical information is disclosed more broadly.

Progress has released ShareFile Storage Zone Controller versions 5.12.5 and 6.0.2 to fix the vulnerability and recommends that customers install the updates as soon as possible before bringing Storage Zone Controller back online. Administrators should verify the versions in use, restrict internet access to the server to only what is necessary, review access logs and administrator account activity, check for unusual files or changes in system directories, and review the permissions of related service accounts. Progress stated that there is currently no indication of unauthorized access to customer accounts or data.

Source: https://www.bleepingcomputer.com/news/security/progress-confirms-sharefile-zero-day-flaw-behind-storage-zone-shutdown/