Progress Software Shuts Down ShareFile Over External Threat
Corporate storage systems are rarely taken offline unless the risk is serious. Progress Software has asked customers to shut down their ShareFile Storage Zone Controller servers immediately. The request comes in response to a credible external threat. Affected customers have been reporting the outage in the ShareFile support community.
What Storage Zone Controllers Are
The company temporarily suspended ShareFile accounts that operate through Storage Zone Controller and launched an investigation. These controllers let organizations host file storage in their own infrastructure or with a third-party provider. They also allow independent management of that storage.
What Progress Software Has and Has Not Disclosed
Progress Software has not disclosed the nature of the threat. It has also not provided a timeline for when the restrictions will be lifted. At the time of the notification, the company had found no evidence of unauthorized access. No customer data or ShareFile accounts showed signs of compromise.
CVE-2026-2699 and CVE-2026-2701 May Be Involved
Some users have speculated that the attackers may be exploiting two patched vulnerabilities. CVE-2026-2699 carries a CVSS 3.1 score of 9.8. CVE-2026-2701 scores 9.1. Both vulnerabilities were patched in March. No confirmed connection between these CVEs and the current incident has been established. When combined, the two flaws allowed unauthenticated modification of controller settings, malicious file uploads, and subsequent server-side command execution.
Recommended Action
While the investigation continues, Progress Software recommends manually shutting down all servers running Storage Zone Controller. The company describes this shutdown as an additional precautionary measure pending further clarification of the circumstances.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.