Remote Code Execution Vulnerability in ShareFile StorageZones Controller
CVE-2026-2701

9.1CRITICAL

Key Information:

Vendor: Progress
Status: Sharefile Storage Zones Controller
Vendor: CVE Published:; 2 April 2026

Badges

📰 News Worthy

What is CVE-2026-2701?

An authenticated user can exploit a file upload vulnerability in ShareFile's StorageZones Controller, allowing potentially malicious files to be uploaded to the server. This flaw can facilitate unauthorized access and execution of code, significantly compromising the system's integrity and security.

Affected Version(s)

ShareFile Storage Zones Controller 0 <= 5.12.3

News Articles

The Hacker News

CVE-2026-2699 CVE-2026-2701

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Cybersecurity roundup: ShareFile RCE, Android rootkit, ImageMagick 0-days, XLoader, phishing, and supply chain threats.

4 days ago

References

https://docs.sharefile.com/en-us/storage-zones-controller...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by The Hacker News
Apr 2, 2026
Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Feb 18, 2026

Credit

Piotr Bazydlo of watchTowr

CVE-2026-2701 Data

JSON

Progress

Badges

What is CVE-2026-2701?

Affected Version(s)

News Articles

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

References

CVSS V3.1

Timeline

Credit