Progress Urges ShareFile Server Shutdown Over Critical Vulnerability
Key Takeaways Progress Software has issued an urgent directive for customers to power down on-premises ShareFile Storage Zone Controllers. The mandate stems from a “credible external security...
Key Takeaways
- Progress Software has issued an urgent directive for customers to power down on-premises ShareFile Storage Zone Controllers.
- The mandate stems from a “credible external security threat” and is a precautionary measure, not an confirmation of a breach.
- The specific nature of the vulnerability has not been disclosed, but previous critical flaws have affected the Storage Zone Controller.
- Progress has already disabled account access via these controllers and expects to provide further updates within 24 hours.
Progress Software Directs ShareFile Server Shutdown Amid Unspecified Security Threat
Progress Software has issued an immediate and urgent advisory to its customers utilizing on-premises ShareFile Storage Zone Controllers, instructing them to power down the servers hosting these components. The company cited a “credible external security threat” against the platform as the reason for this drastic action.
Table Of Content
Precautionary Measures Implemented
In an email dispatched directly to affected customers, Progress stated that while there is no current evidence of unauthorized access to ShareFile accounts or data, the server shutdown is a precautionary step. The company is actively collaborating with internal and external cybersecurity experts to thoroughly assess the nature of the threat.
As part of its immediate response, Progress has already disabled account access through Storage Zone Controllers for all impacted customers. The email further emphasized the manual shutdown of underlying servers as a “critical additional step” necessary to safeguard data.
Progress anticipates providing further updates within 24 hours. The company has framed this measure as an act of extreme caution rather than an indication of an active security breach or compromise.
Undisclosed Threat Details
The software vendor has not publicly disclosed specific details regarding the nature of the current threat. This lack of information leaves open possibilities, including a newly discovered zero-day vulnerability or renewed exploitation attempts targeting the Storage Zone Controller architecture.
Historical Vulnerabilities in ShareFile Storage Zone Controller
This is not the first instance of significant security concerns related to ShareFile’s customer-managed gateway. In April 2026, researchers at watchTowr Labs publicly revealed two critical, chainable vulnerabilities within the Storage Zone Controller:
- CVE-2026-2699: An authentication bypass vulnerability with a high CVSS score of 9.8.
- CVE-2026-2701: A remote code execution (RCE) flaw, scoring 9.1 on the CVSS scale.
When exploited in tandem, these vulnerabilities allowed unauthenticated attackers to bypass security measures, access restricted configuration pages, and upload malicious ASPX webshells. This chain ultimately enabled full remote code execution without requiring any credentials.
At the time of disclosure, the Shadowserver Foundation identified approximately 784 internet-exposed instances, with the United States and Germany exhibiting the highest concentrations. WatchTowr’s broader scanning efforts, however, revealed nearly 30,000 visible instances globally. Progress subsequently issued patches for these flaws in version 5.12.4, and confirmed that the newer 6.x branch, which is built on .NET Core, remained unaffected.
What You Should Do
- Immediately power down all on-premises ShareFile Storage Zone Controllers as directed by Progress Software.
- Isolate any internet-facing Storage Zone Controller instances from the network if complete shutdown is not immediately feasible, though shutdown is the primary recommendation.
- Closely monitor official communications from Progress Software for further updates, technical details, and potential patching instructions.
- Conduct an internal review of logs for any unusual activity originating from or targeting your ShareFile Storage Zone Controllers prior to the shutdown.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.