Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown

0
High
Vulnerability
Published: 07/14/2026 (07/14/2026, 16:08:47 UTC)
Source: Bleeping Computer

Description

Progress Software confirmed a high-severity zero-day path traversal vulnerability in ShareFile Storage Zone Controllers, leading to an emergency shutdown of these customer-managed Windows servers. The flaw affects all 5.x and 6.x versions and allows an authenticated administrative user to read arbitrary files, write attacker-controlled content to arbitrary directories, or enumerate the server filesystem. Progress has released security updates in versions 5.12.5 and 6.0.2 to patch the vulnerability and urges immediate installation. There is currently no indication of active exploitation or unauthorized access to customer data. Storage Zone Controllers enable on-premises file storage integrated with ShareFile's cloud platform, making them valuable targets for data theft. The CVE identifier is reserved and will be published in two weeks.

Affected software

Affected versions
>=5.0.0 <5.12.5>=6.0.0 <6.0.2

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/14/2026, 16:18:13 UTC

Technical Analysis

A high-severity zero-day path traversal vulnerability was discovered in Progress ShareFile Storage Zone Controllers affecting all 5.x and 6.x versions. This vulnerability allows an authenticated administrative user to read arbitrary files accessible to the application's service account, write attacker-controlled content to arbitrary directories, and enumerate the server filesystem layout. Due to the severity, Progress temporarily disabled access to ShareFile accounts using Storage Zone Controllers and urged customers to shut down their Windows servers. Security updates have been released in versions 5.12.5 and 6.0.2 to address the flaw. Progress reports no evidence of active exploitation or data breaches. The CVE identifier is reserved and will be published in two weeks.

Potential Impact

The vulnerability allows an authenticated administrative user to perform unauthorized file read and write operations and to enumerate the filesystem on ShareFile Storage Zone Controllers. This could lead to data exposure or manipulation on the affected on-premises servers. Although no active exploitation or breaches have been identified, the potential for data theft or extortion exists given the role of Storage Zone Controllers in storing transferred files.

Mitigation Recommendations

Progress has released security updates in ShareFile Storage Zone Controller versions 5.12.5 and 6.0.2 that patch the vulnerability. Customers should immediately apply these updates before bringing Storage Zone Controllers back online. Until patched, Progress recommended shutting down affected Windows servers to prevent potential exploitation. There is currently no indication of active threats or breaches. The CVE will be published in two weeks; meanwhile, follow vendor guidance for updates.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.bleepingcomputer.com/news/security/progress-confirms-sharefile-zero-day-flaw-behind-storage-zone-shutdown/","fetched":true,"fetchedAt":"2026-07-14T16:17:34.236Z","wordCount":689}

Threat ID: 6a56611e68715ace43d24139

Added to database: 07/14/2026, 16:17:34 UTC

Last enriched: 07/14/2026, 16:18:13 UTC

Last updated: 07/15/2026, 02:18:16 UTC

Views: 6

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses