Enterprise software giant Progress Software on Friday prompted ShareFile customers to shut down Storage Zone Controller servers amid security concerns.
A Storage Zone Controller provides ShareFile customers with private data storage, either on-premises or on a third-party storage system, that is protected with an application-specific password and is self-managed.
On Friday, the company notified customers that it had disabled access to ShareFile accounts using the Storage Zone Controllers and that it is investigating a ‘credible external security threat’.
“We are aware of a credible external security threat targeting Progress ShareFile Storage Zone Controllers,” a message on the company’s forums reads.
Progress also told customers that, as an additional protection measure, they should manually shut down their Storage Zone Controllers.
“Please manually shut down the server hosting your Storage Zone Controllers as soon as possible while Progress continues its assessment with cybersecurity experts,” the company’s message reads.
“At this time, we do not indicate unauthorized access to any Progress ShareFile accounts or customer data,” the company said.
Progress has not shared details about the security threat, but users speculate that threat actors might be targeting two vulnerabilities addressed in March.
The flaws, tracked as CVE-2026-2699 (CVSS score of 9.8) and CVE-2026-2701 (CVSS score of 9.1), could be chained together to make configuration changes and upload malicious files to achieve remote code execution (RCE) without authentication.
Responding to a SecurityWeek inquiry, Progress said it restored customer access to the ShareFile service over the weekend, cautioning that they should not turn Storage Zone Controllers back on:
“As of 5 p.m. ET on Sunday, July 12, we notified all ShareFile customers with Storage Zone Controllers that their access to the Progress ShareFile cloud service has been restored. However, Storage Zone Controllers must remain turned off while we complete our investigation. At this time, we have no evidence of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat. We will continue to provide customers with updates as additional information becomes available.”
*Updated with statement from Progress Software.
Related: Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices
Related: CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws
Related: Critical Gitea Flaw Under Active Exploitation, Researchers Warn
Related: Critical Adobe ColdFusion Vulnerability Exploited in Attacks
