CVE-2026-2699 CRITICAL

CVE-2026-2699: EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Vendor Progress
Product ShareFile Storage Zones Controller
Weakness CWE-698
Published April 2, 2026
Last update April 8, 2026

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Key dates

02Disclosure timeline

April 2, 2026 CVE published
April 8, 2026 Record updated